Yehuda Gelbin · Checkmarx Zero
Alert: CDN Service “polyfill.io”
It’s not uncommon for things like domains and open-source projects to change hands. While many such transitions occur without incident, the…
4 min read · Just now

Yehuda Gelbin · Checkmarx Zero
A New North Korean Group Emerges, Disrupting the Open Source Ecosystem
In December 2023, we reported on how North Korean threat actors, particularly Jade Sleet, have been compromising supply chains through the…
5 min read · Jun 13, 2024

Yehuda Gelbin · Checkmarx Zero
Instant Breach: Malicious Package Compromise — Victim vs Attacker’s POV
Open-source packages are an indispensable tool for developers. However, the convenience they offer comes with a significant risk: the…
2 min read · May 9, 2024

Yehuda Gelbin · Checkmarx Zero
New Technique to Trick Developers Detected in an Open-Source Supply Chain Attack.
In a recent attack campaign, cybercriminals were discovered cleverly manipulating GitHub’s search functionality, and using meticulously…
7 min read · Apr 10, 2024

Yehuda Gelbin · Checkmarx Zero
March 2024 in Software Supply Chain Security
In March 2024, the software supply chain faced unprecedented threats, including one of the most advanced supply chain attacks known to…
3 min read · Apr 3, 2024

Yehuda Gelbin · Checkmarx Zero
PyPi Is Under Attack: Project Creation and User Registration Suspended — Here’s the details
A few hours ago, The Python Package Index (PyPi) suspended new project creation and new user registration to mitigate an ongoing malware…
3 min read · Mar 28, 2024

Yehuda Gelbin · Checkmarx Zero
GitHub Repos used for Distributing Malware
Key Points:
3 min read · Mar 4, 2024

Yehuda Gelbin · Checkmarx Zero
Tornado Cash Theft Uncovered: Stealthy Attack Quietly Drains Funds from Decentralized Finance…
Key Points
4 min read · Feb 26, 2024

Yehuda Gelbin · Checkmarx Zero
January 2024 in Software Supply Chain Security
As we enter 2024, the cybersecurity landscape continues to be a battleground for advanced threats, particularly in software supply chains…
3 min read · Feb 15, 2024

Yehuda Gelbin · Checkmarx Zero
The Hidden Dangers of Abandoned Digital Assets in Open-Source Ecosystems
The digital ocean on which many of us including the world’s largest corporations rely on, is filled with hidden dangers, particularly in…
6 min read · Feb 8, 2024