Yehuda Gelb in Checkmarx Zero. "Tip of the Iceberg: Malicious Python Packages Reveal Extensive Cybercriminal Operation Based in…" Recently, a series of malicious Python packages surfaced on PyPI, uploaded by a user named “dsfsdfds”. These packages contained a malicious… (18h ago)
Jossef Harush Kadouri in Checkmarx Zero. "WASP Attack on Python — Polymorphic Malware Shipping WASP Stealer; Infecting Hundreds Of Victims" In early November, several malicious packages were reported by Phylum and CheckPoint. We link these two reports to the same attacker with… (Nov 15, 2022)
Paul Brabban. "Are you at risk from this critical dbt vulnerability?" A newly discovered critical security vulnerability in the dbt ecosystem (originally published on equalexperts.com) (Jul 2)
Aardvark Infinity in Aardvark Infinity. "Managing Cybersecurity Risks in Supply Chain Networks" Author: Aardvark Infinity | www.aardvarkinfinity.com (5d ago)
Jossef Harush Kadouri in Checkmarx Zero. "Chat With a Software Supply Chain attacker" A PyPi user account, aidoc, was found to have been publishing malicious packages (Jan 22, 2023)
Yehuda Gelb in Checkmarx Zero. "A New North Korean Group Emerges, Disrupting the Open Source Ecosystem" In December 2023, we reported on how North Korean threat actors, particularly Jade Sleet, have been compromising supply chains through the… (Jun 13)
Yehuda Gelb in Checkmarx Zero. "Alert: CDN Service “polyfill.io”" It’s not uncommon for things like domains and open-source projects to change hands. While many such transitions occur without incident, the… (Jun 27)
Tzachi (Zack) Zorn in Checkmarx Zero. "How We Were Able to Infiltrate Attacker Telegram Bots" It is not uncommon for attackers to publish malicious packages that exfiltrate victims’ data to them using Telegram bots. However, what if… (Feb 1)