Solutions
Plans and Packages
Partners
Company
Resources
Contact Us

Technical Blog

March 30, 2023
CVE-2022-37734: graphql-java Denial-of-Service

March 17, 2023
From Zero to AppSec Anti-Hero: How AI Brings More Security Issues Than It Fixes

March 2, 2023
CocoaPods Subdomain Hijacked: This is How

February 21, 2023
How NPM Packages Were Used to Spread Phishing Links

February 14, 2023
Securing Open-Source Solutions: A Study of osTicket Vulnerabilities

February 1, 2023
Open Source vs Commercial AppSec Tools: Considerations for Enterprise

January 3, 2023
Exploiting GraphQL Query Depth

December 28, 2022
Alias and Directive Overloading in GraphQL

December 21, 2022
Didn’t Notice Your Rate Limiting: GraphQL Batching Attack

December 14, 2022
How 140k NuGet, NPM, and PyPi Packages Were Used to Spread Phishing Links

December 7, 2022
Move Over Verbose Error Messages, GraphQL APIs are Here

November 28, 2022
Attacker Uses a Popular TikTok Challenge to Lure Users Into Installing Malicious Package

November 28, 2022
What’s Old Becomes New Again: CSRF Attacks on GraphQL APIs

November 1, 2022
Analysis of OpenSSL CVE-2022-3786 and CVE-2022-3602

October 26, 2022
Attacking the Software Supply Chain with a Simple Rename

October 20, 2022
CVE-2022-42889: Text4shell Vulnerability Breakdown

October 7, 2022
LofyGang – Software Supply Chain Attackers; Organized, Persistent, and Operating for Over a Year

September 28, 2022
How We Created an API Security CTF

August 31, 2022
First Known Phishing Attack Against PyPi Users

August 26, 2022
Automatic Execution of Code Upon Package Download on Python Package Manager

Path traversal Code Bug Illustration

August 22, 2022
Most Dangerous CWEs of 2021

August 17, 2022
Malicious PyPi User Strikes Again with Typosquatting, StarJacking and Unpacks Tailor-made Malware written in C#

August 14, 2022
Typosquatting Campaign Targeting Python’s Top Packages, Dropping GitHub Hosted Malware with DGA Capabilities

August 3, 2022
Large Scale Campaign Created Fake GitHub Projects Clones with Fake Commit Added Malware

July 15, 2022
Unverified Commits: Are You Unknowingly Trusting Attackers’ Code?

July 6, 2022
“CuteBoi” Detected Preparing a Large-Scale Crypto Mining Campaign on NPM Users

June 27, 2022
Spring Function Cloud DoS (CVE-2022-22979) and Unintended Function Invocation

June 14, 2022
CVE-2021-33420: NPM Replicator Remote Code Execution Deserialization

June 8, 2022
New Technique Used by Attackers in NPM to Avoid Detection

May 27, 2022
GitHub RepoJacking Weakness Exploited in the Wild by Attackers

May 25, 2022
Attacker Caught Hijacking Packages Using Multiple Techniques to Steal AWS Credentials

February 8, 2022
Our Response to NPM Account Takeover Attacks – ChainAlert, a Community-Backed Open Source Tool

February 3, 2021
Exploitable Path – How to Solve a Static Analysis Nightmare

August 24, 2020
Integrating Checkmarx Security Results within GitLab

August 18, 2020
You Better Get Going with Go

January 6, 2020
Breaking Down the OWASP API Security Top 10 (Part 2)

November 6, 2019
Breaking Down the OWASP API Security Top 10 (Part 1)

October 24, 2019
NFC False Tag Vulnerability – CVE-2019-9295

February 4, 2019
Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT

December 20, 2018
Android WebView: Are Secure Coding Practices Being Followed?

May 7, 2018
Diving Deep into Regular Expression Denial of Service (ReDoS) in Go

Follow us

Trusted by

Awards & Recognition

Checkmarx is the leader in application security and ensures that enterprises worldwide can secure their application development from code to cloud. Our consolidated platform and services address the needs of enterprises by improving security and reducing TCO, while simultaneously building trust between AppSec, developers, and CISOs. At Checkmarx, we believe it’s not just about finding risk, but remediating it across the entire application footprint and software supply chain with one seamless process for all relevant stakeholders.

We are honored to serve more than 1,800 customers, which includes 40 percent of all Fortune 100 companies including Siemens, Airbus, SalesForce, Stellantis, Adidas, Wal-Mart and Sanofi.

Platforms
Solutions
Services
Resources
Compare To
Company
- About Us
- Awards
- Careers
- Customers
- Events
- Leadership
- News
- Press Releases
- Trust & Security
Connect
- Contact Us
- Support Portal

©2025 Checkmarx Ltd. All Rights Reserved. iISO/IEC 27001:2013 Certified

Privacy Policy
Terms of Use