In Checkmarx Zero, by Yehuda Gelb: November 2024 in Software Supply Chain Security. In November 2024, supply chain attacks featured two key trends: attackers' persistent use of "legitimate-first" package strategies and… (2d ago)
In Checkmarx Zero, by Jossef Harush Kadouri: WASP Attack on Python: Polymorphic Malware Shipping WASP Stealer, Infecting Hundreds of Victims. In early November, several malicious packages were reported by Phylum and CheckPoint. We link these two reports to the same attacker with… (Nov 15, 2022)
In Checkmarx Zero, by Tzachi (Zack) Zorn: How We Were Able to Infiltrate Attacker Telegram Bots. It is not uncommon for attackers to publish malicious packages that exfiltrate victims' data to them using Telegram bots. However, what if… (Feb 1)
Newt Tan: OSPtrack: A Labeled Dataset Targeting Simulated Execution of Open-Source Software. Open-source software serves as a foundation for the internet and the cyber supply chain, but its exploitation is becoming increasingly… (Dec 4)
In Checkmarx Zero, by Jossef Harush Kadouri: Chat With a Software Supply Chain Attacker. A PyPI user account, aidoc, was found to have been publishing malicious packages. (Jan 22, 2023)
Paul Brabban: Are You at Risk From This Critical dbt Vulnerability? A newly discovered critical security vulnerability in the dbt ecosystem (originally published on equalexperts.com). (Jul 2)
In Checkmarx Zero, by Yehuda Gelb: Malicious NPM Package Exploits React Native Documentation Example. A recent discovery revealed how official documentation can become an unexpected attack vector for supply chain attacks. It happened when an… (Nov 28)
In Checkmarx Zero, by Yehuda Gelb: Supply Chain Attack Using Ethereum Smart Contracts to Distribute Multi-Platform Malware. As part of our ongoing security efforts, we continuously monitor and detect malicious packages within various software ecosystems… (Nov 4)