
Checkmarx Zero

ID: b3115d20-e056-572f-a664-55ab5bb316df

STIX ID: identity--b3115d20-e056-572f-a664-55ab5bb316df

Feed Type: rss

Earliest post: 2024-12-10

Latest post: 2026-05-12

Secure coding insights, application security research, vulnerability analysis, and DevSecOps best practices from the Checkmarx Zero team — focused on reducing risk in modern software development.

| Title | Date Published | Describes Incident | Author | Visible |
| --- | --- | --- | --- | --- |
| OverDoS: Taking Down Over 70,000 n8n Instances | 2026-05-12 | True | Ori Ron | True |
| Same Origin, Same Tricks: Bypassing n8n’s CSP Sandbox (CVE-2026-27578) | 2026-04-06 | True | Ori Ron | True |
| Rapid Exploitation and Clever Malware in the Supply Chain, Last Week In AppSec (2026-04-02) | 2026-04-02 | True | Darren Meyer | True |
| GlassWorm Targets Developer IDEs Again, Hiding Staged Malware Behind Runtime-Rebuilt Loaders | 2026-03-23 | True | Daniel Miranda | True |
| Unearned Confidence: AI Security Reviewers Don’t Really Get It | 2026-03-05 | True | Alon Lerner | True |
| AI fights and more attacks on dev infrastructure: Last Week in AppSec for 4. March 2026 | 2026-03-05 | True | Darren Meyer | True |
| Last Week in AppSec for 26. February 2026 | 2026-02-26 | True | Darren Meyer | True |
| Learning About LLM-Based Zero-Day Hunting with Claude Code’s Opus 4.6 | 2026-02-25 | True | Ori Ron | True |
| Protecting yourself against malicious open-source packages | 2026-02-19 | True | Darren Meyer | True |
| Last Week in AppSec for 12. Feb 2026 | 2026-02-12 | True | Darren Meyer | True |
| Last Week in AppSec for 12. Feb 2026 | 2026-02-12 | True | Darren Meyer | True |
| Solidity devs targeted again: Malicious VS Code extension drops ScreenConnect-based remote access trojan (RAT) | 2026-01-29 | True | Daniel Miranda | True |
| Last Week in AppSec for 29. January 2026 | 2026-01-29 | True | Darren Meyer | True |
| Last Week in AppSec for 15. January 2026 | 2026-01-15 | True | Darren Meyer | True |
| Last Week in AppSec for 08. January 2026 | 2026-01-07 | True | Darren Meyer | True |
| AI Model Confusion: An LLM/AI Model Supply Chain Attack | 2026-01-06 | True | Ori Ron | True |
| Turning AI Safeguards Into Weapons with HITL Dialog Forging | 2025-12-16 | True | Ori Ron | True |
| Cybersecurity AI agent is Vulnerable to Command Injection (CVE-2025-67511) | 2025-12-11 | True | Darren Meyer | True |
| Inside Shai-Hulud’s Maw: How The NPM Worm Exploits And Propagates | 2025-12-09 | True | Bruno Dias | True |
| Taking Down More Malicious VSCode Extensions in the ‘Prettier’ Campaign | 2025-12-05 | True | Darren Meyer | True |
| React2Shell (CVE-2025-55182) Deserialization to Remote Code Execution in React and Next.js | 2025-12-04 | True | Alex Shleymovich | True |
| Exploiting Markdown Injection in AI agents: Microsoft Copilot Chat and Google Gemini | 2025-12-04 | True | Ori Ron | True |
| Last Week in AppSec for 02. December 2025 | 2025-12-01 | True | Darren Meyer | True |
| 11 Emerging AI Security Risks with MCP (Model Context Protocol) | 2025-11-25 | True | Tal Folkman | True |
| How we take down malicious Visual Studio Code extensions | 2025-11-13 | True | Daniel Miranda | True |
| Last Week in AppSec for 11. November 2025 | 2025-11-11 | True | Darren Meyer | True |
| Last Week in AppSec for 04. November 2025 | 2025-11-04 | True | Darren Meyer | True |
| Last Week in AppSec for 28. October 2025 | 2025-10-28 | True | Darren Meyer | True |
| Last Week in AppSec for 21. October 2025 | 2025-10-21 | True | Darren Meyer | True |
| Last Week In AppSec for 14. October 2025 | 2025-10-14 | True | Darren Meyer | True |
| Last Week in AppSec for 07. October 2025 | 2025-10-07 | True | Darren Meyer | True |
| NPM Malware Alert: `@lanyer640/mcp-runcommand-server` with Reverse Shell | 2025-10-02 | True | Darren Meyer | True |
| Last Week in AppSec for 30. September 2025 | 2025-09-30 | True | Darren Meyer | True |
| When Vigilance Causes an Outage: The NPM Stylus Package Outage | 2025-07-29 | True | Rom Gotshal | True |
| Last Week in AppSec for 29. July 2025 | 2025-07-29 | True | Darren Meyer | True |
| Last Week in AppSec for 22. July 2025 | 2025-07-22 | True | Darren Meyer | True |
| Supply Chain Phishing Campaign Drops More Malware Into NPM: got-fetch 5.1 | 2025-07-21 | True | Tal Folkman | True |
| Last Week in AppSec for 15. July 2025 | 2025-07-15 | True | Darren Meyer | True |
| Last Week In AppSec for 08. July 2025 | 2025-07-08 | True | Darren Meyer | True |
| EchoLeak (CVE-2025-32711) Show us That AI Security is Challenging | 2025-07-02 | True | Joao Cunha da Silva | True |
| PyPI Supply Chain Attack Uncovered: Colorama and Colorizr Name Confusion | 2025-05-28 | True | Darren Meyer | True |
| CVE-2025-27520 Critical RCE In BentoML Has Fewer Affected Versions Than Reported | 2025-04-10 | True | Bruno Dias | True |
| The Glass Sandbox – The Complexity of Python Sandboxing | 2025-03-26 | True | Alex Shleymovich | True |
| Behind the Middleware Curtain — Explaining CVE-2025-29927, A Critical Authorization Bypass in Next.js | 2025-03-25 | True | Raphael Silva | True |
| Find and Fix CVE-2025-30066, Compromised GitHub Actions Leading to Credential Leaks | 2025-03-18 | True | Darren Meyer | True |
| Understanding Vulnerability Hunting and its Challenges | 2025-02-04 | True | Davide Ferreira | True |
| Skibidi Java – The Infinite Loop in Java Collections; Edge Case to Java Universal DoS | 2025-01-23 | True | Eilon Cohen | True |
| NPM command confusion | 2025-01-14 | True | Eugene Rojavski | True |
| November 2024 in Software Supply Chain Security | 2024-12-10 | True | Yehuda Gelb | True |
