Jossef Harush
January 2, 2024
When “Everything” Goes Wrong: NPM Dependency-Hell Campaign – 2024 Edition
November 27, 2023
The Hidden Supply Chain Risks in Open-Source AI Models
August 9, 2023
Popular NuGet Package “Moq” Silently Exfiltrates User Data to Cloud Service
March 2, 2023
CocoaPods Subdomain Hijacked: This is How
December 14, 2022
How 140k NuGet, NPM, and PyPi Packages Were Used to Spread Phishing Links
October 7, 2022
LofyGang – Software Supply Chain Attackers; Organized, Persistent, and Operating for Over a Year
August 14, 2022
Typosquatting Campaign Targeting Python’s Top Packages, Dropping GitHub Hosted Malware with DGA Capabilities
August 3, 2022
Large Scale Campaign Created Fake GitHub Projects Clones with Fake Commit Added Malware
May 27, 2022
GitHub RepoJacking Weakness Exploited in the Wild by Attackers
May 25, 2022
Attacker Caught Hijacking Packages Using Multiple Techniques to Steal AWS Credentials
March 28, 2022
A Beautiful Factory for Malicious Packages
February 8, 2022
Our Response to NPM Account Takeover Attacks – ChainAlert, a Community-Backed Open Source Tool