Yehuda Gelbin · Checkmarx Zero · Jun 27
Alert: CDN Service “polyfill.io”
It’s not uncommon for things like domains and open-source projects to change hands. While many such transitions occur without incident, the…

Yehuda Gelbin · Checkmarx Zero · Jun 13
A New North Korean Group Emerges, Disrupting the Open Source Ecosystem
In December 2023, we reported on how North Korean threat actors, particularly Jade Sleet, have been compromising supply chains through the…

Yehuda Gelbin · Checkmarx Zero · May 9
Instant Breach: Malicious Package Compromise — Victim vs Attacker’s POV
Open-source packages are an indispensable tool for developers. However, the convenience they offer comes with a significant risk: the…

Yehuda Gelbin · Checkmarx Zero · Apr 10
New Technique to Trick Developers Detected in an Open-Source Supply Chain Attack.
In a recent attack campaign, cybercriminals were discovered cleverly manipulating GitHub’s search functionality, and using meticulously…

Yehuda Gelbin · Checkmarx Zero · Apr 3
March 2024 in Software Supply Chain Security
In March 2024, the software supply chain faced unprecedented threats, including one of the most advanced supply chain attacks known to…

Yehuda Gelbin · Checkmarx Zero · Mar 28
PyPi Is Under Attack: Project Creation and User Registration Suspended — Here’s the details
A few hours ago, The Python Package Index (PyPi) suspended new project creation and new user registration to mitigate an ongoing malware…

Yehuda Gelbin · Checkmarx Zero · Feb 26
Tornado Cash Theft Uncovered: Stealthy Attack Quietly Drains Funds from Decentralized Finance…
Key Points

Yehuda Gelbin · Checkmarx Zero · Feb 15
January 2024 in Software Supply Chain Security
As we enter 2024, the cybersecurity landscape continues to be a battleground for advanced threats, particularly in software supply chains…

Yehuda Gelbin · Checkmarx Zero · Feb 8
The Hidden Dangers of Abandoned Digital Assets in Open-Source Ecosystems
The digital ocean on which many of us including the world’s largest corporations rely on, is filled with hidden dangers, particularly in…