Tzachi (Zack) Zornin, Checkmarx Zero
Navigating the Rising Tide of CI/CD Vulnerabilities: The Jenkins and TeamCity Case Studies
Originally published on Checkmarx.com
Feb 6

Tzachi (Zack) Zornin, Checkmarx Zero
How We Were Able to Infiltrate Attacker Telegram Bots
It is not uncommon for attackers to publish malicious packages that exfiltrate victims’ data to them using Telegram bots. However, what if…
Feb 1

Tzachi (Zack) Zornin, Checkmarx Zero
When the Hunter Becomes the Hunted
A cybersecurity researcher, delving into the depths of a malicious Python package, suddenly finds themselves in the crosshairs of the very…
Jan 18

Tzachi (Zack) Zornin, Checkmarx Zero
Malicious Packages Linked Across Languages and the Dangers of Abandoned Open-Source Dependencies
In open-source software’s tangled web of software dependencies, developers often overlook the potential hazards lurking within software…
Jun 14, 2023

Tzachi (Zack) Zornin, Checkmarx Zero
PyPi on Hold: Suspends New Users’ and Projects Creations Due to A High Volume of Malicious Activity
A few hours ago, the PyPi team announced that they are temporarily suspending the creation of new users and the publication of new projects
May 20, 2023

Tzachi (Zack) Zornin, Checkmarx Zero
Developer Entity Behavioral Analysis (DEBA) Engine
In today’s fast-paced digital landscape, supply chain attacks have the potential to impact millions of unsuspecting victims in the blink of…
Apr 25, 2023

Tzachi (Zack) Zornin, Checkmarx Zero
PyTorch, a Leading ML Framework, Was Poisoned with Malicious Dependency
For a period of five days, the nightly version of PyTorch, a popular machine-learning framework, was compromised by a supply chain attack…
Jan 1, 2023