Technical Blog

CocoaPods Subdomain Hijacked: This is How

CocoaPods is THE dependency manager for iOS and Mac projects. It helps software developers easily add pre-made pieces of code (called “libraries” or “dependencies”) to their iOS or Mac projects. These code libraries can help developers add extra features or

How NPM Packages Were Used to Spread Phishing Links

Unveiling the Latest NPM Ecosystem Threat: Thousands of SPAM Packages Flood the Network, a New Discovery by Checkmarx. What Happened? NPM Anomalies. Our technology collects and indexes evidence related to packages from all open-source ecosystems, allowing us to query historical

Evolution of a Software Supply Chain Attacker

Just like Hollywood has its own celebrities and well-known actors, the world of malicious open-source packages also has its own notorious players. And just like Hollywood stars, these threat actors don’t always stay in the spotlight. They can take breaks

Exploiting GraphQL Query Depth

GraphQL was created and developed with flexibility in mind: clients should be given the power to ask for exactly what they need and nothing more. Much of this flexibility involves allowing customers to execute multiple queries in a single request,

Alias and Directive Overloading in GraphQL

Denial of Service (DoS) attacks in GraphQL APIs are nothing new. It turns out that when you let clients control what data they want to receive from the server, malicious users try to abuse this flexibility to exhaust resources. Who
