Tal Folkman in Checkmarx Zero | Over 170K Users Affected by Attack Using Fake Python Infrastructure | Mar 25
Tal Folkman in Checkmarx Zero | How I Uncovered An Army of Fake User Accounts | Mitigating software supply chain attacks is a never-ending game of cat and mouse. We, as defenders, are always trying to find ways to close… | Feb 20, 2023
Tal Folkman in Checkmarx Zero | Evolution of a Software Supply Chain Attacker | Just like Hollywood has its own celebrities and well-known actors, the world of malicious open-source packages also has its own notorious… | Jan 31, 2023
Tal Folkman in Checkmarx Zero | Hunting for Malicious Code: The Dangers of WASP Stealer | WASP Stealer, for those of you who aren’t familiar, is an open-source malware created by loTus04 that is designed to steal sensitive… | Dec 13, 2022
Tal Folkman in Checkmarx Zero | Unverified Commits: Are You Unknowingly Trusting Attackers’ Code? | An alarming software supply chain attack technique allows threat actors to trick developers into using potentially malicious code. | Jul 17, 2022
Tal Folkman in Checkmarx Zero | New Technique Used by Attackers in NPM to Avoid Detection | Checkmarx SCS team recently detected several malicious NPM packages using a new evasion technique, enhancing dependency confusion attacks… | Jun 9, 2022
Tal Folkman in Checkmarx Zero | Attacker adds evasive technique to their ongoing attacks on NPM | Checkmarx supply chain security team is tracking the threat actor RED-LILI which is constantly developing its capabilities. | Apr 26, 2022