AI doesn't replace established security testing tools, but it can augment them — if you're thoughtful about how you do so. We've been in the lab for months working on generating real data on various approaches that improve overall accuracy (not just reducing FPs, but reducing FNs / increasing coverage too). There's exciting news coming soon, but meanwhile we thought it might be nice to share how we built our research system to make sure we're making data-driven decisions about results quality. There are already too many vendors building hype and then trying to cherry-pick data to justify it; we don't want to be that. So we figured out a way to assess scan accuracy that's highly repeatable, reflects real-world applications, and introduces as little error as possible while still being affordable to run. And with that process in place, we're seeing dramatic AI SAST accuracy improvements in the lab, some of which will be coming to our product soon! Learn about our approach and what we're seeing in the data: checkmarx.com/zero-post/proo…
🚨 CVE-2026-44578 just dropped with a CVSS score of 8.6 affecting Next.js versions from 13.4.13 prior to 15.5.16 and 16.0.0 prior to 16.0.5. This fixes a Server-Side Request Forgery vulnerability that allows an unauthenticated attacker to retrieve internal content of any host reachable via port 80. The issue is related to how Next.js deals with HTTP/1.1 WebSocket upgrade handler impacting self-hosted applications that are directly exposed to the internet. This vulnerability is fixed in v15.5.16 and v16.2.5. More details: devhub.checkmarx.com/cve-det…
🚨 Exim v4.99.3 is out, patching a critical use-after-free vulnerability. CVE-2026-45185 allows an unauthenticated attacker to achieve #RCE, affecting all versions prior to v4.99.3. #AppSec teams should pay close attention. Exim often sits as a core dependency under other mail-handling stacks and appliances, meaning the blast radius extends well past direct deployments. Be sure to upgrade to v4.99.3. devhub.checkmarx.com/cve-det…
What can you learn from n8n's OverDoS vulnerability? Mainly how to handle design decisions around implementing OpenID's DCR (Dynamic Client Registration). If you have an OAuth 2.0 enabled application, you might want DCR: but you also have to think it through! See more on our first-ever Substack post: "OverDoS: How OpenID bit n8n" -- checkmarxzero.substack.com/p… We'll show you how reasonable design decisions led to potential for a massive denial of service, and how the folks at n8n made small changes to dramatically reduce the risk.
Make sure you've patched #n8n to avoid #OverDoS, a vulnerability that allows attackers to take down any n8n instance they can connect to. Three safe patch levels, depending on your branch: 1.123.32; 2.18.1; 2.17.4. Checkmarx Zero researcher Ori Ron reported this unauthenticated DoS issue to n8n, who responded promptly with a fix and coordinated disclosure as #CVE-2026-42236 (CVSS v4.0 = 8.7). Root cause is the implementation of Dynamic Client Registration (#DCR), which makes the vulnerability very difficult to mitigate sufficiently; we're recommending that you prioritize patch deployment, **especially if your n8n server is reachable on the public internet**. Details, tactics, demo, and more information available on the Checkmarx Zero blog: checkmarx.com/zero-post/n8n-…
If you've never heard Erez Yalon speak, you're missing out! He's at #FOST in NYC later this week, diving hard into attack surface and other challenges with #MCP systems. Come check him out! #InformationSecurity #InfoSec #Cybersecurity #AI #AISecurity
#CopyFail has been added to the CISA KEV; and it's an AppSec consideration that too many practitioners are ignoring. The Linux vulnerability (CVE-2026-31431) can allow for privesc from unprivileged to root, and is seeing active exploitation. AppSec teams sometimes ignore such things as an "ops problem". But if you're using containers to distribute your app, that's a clear #SoftwareSupplyChain matter, and should definitely be in scope for AppSec teams. But look further as well: even if you're running your application on a more traditional server, or on something like EC2 instances, don't think of host OS vulnerabilities as purely an ops problem. The OS your apps run on top of massively affects the operational safety and security of the application. You're a stakeholder. Even if ops "owns" the patching of the OS, you should have a seat at that table, influencing priority and tracking patching progress.
Come check out our director of security research, Ricardo, at #DevWorld in Amsterdam this week! He speaks on Thursday May 7 at 16:00 CEST. He'll be diving deep into Model Context Protocol (#MCP) and its #CyberSecurity risks for organizations adopting #AI. #AISecurity #LLM #ApplicationSecurity #InformationSecurity
A critical unauthenticated #RCE via Import Authorization Bypass (CVE-2026-41679) was found in #Paperclip with a CVSS score of 10.0. The issue was found in the @paperclipai/server npm package, affecting all versions prior to v2026.416.0 and canary/v2026.410.0-canary.1. The vulnerability was disclosed with a working PoC that chains 6 API requests leading to full control of the Paperclip server OS. Stay safe by upgrading paperclipai to v2026.416.0 or `canary/v2026.424.0-canary.0`. In times where agents are given broad permissions to run systems, it's more important than ever to know what you're running, who built it, and whether the front door is actually locked. More details here: devhub.checkmarx.com/cve-det…
Come meet Erez Yalon and Darren Meyer at #OWASP's #SnowFROC conference this Friday! At 2pm local time in #Denver, they'll be on stage talking about breaking #MCP in Agentic AI systems.
With the #Axios supply chain issue last week, you might have missed a couple of other supply chain issues. #LastWeekInAppSec included:
🔨 rapid exploitation of a code injection RCE in the #Langflow AI platform (#CVE-2026-33017)
🕵️‍♂️ a clever malicious #Python package (#Telnyx) that used a valid .wav audio file to hide its payload.
▷ Read the details: checkmarx.com/zero-post/rapi…
#AppSec #DevSecOps #MaliciousPackage #SupplyChainSecurity #DevOps #LLM #AISecurity
A critical path traversal vulnerability (CVE-2025-15036) has been identified in MLflow with a CVSS score of 9.6. The extract_archive_to_dir function within mlflow/pyfunc/dbconnect_artifact_cache.py lacks validation of tar member paths during extraction. An attacker with control over a tar.gz file can exploit this to overwrite arbitrary files or gain elevated privileges, potentially escaping the sandbox directory entirely. This is especially dangerous in multi-tenant or shared cluster environments, and affects all versions before v3.7.0. Stay safe by upgrading to MLflow v3.7.0 or later and restricting access to untrusted tar.gz archives until you've patched.
Path Traversal in mlflow - CVE-2025-15036: devhub.checkmarx.com/cve-det…
Are you doing enough to protect your developers against malicious IDE plugins? The latest tactic changes in the #GlassWorm campaign are once again showing us that this is an important and emerging threat. Daniel Miranda and Daniela Fonseca give us a deeper look into how the campaign is evolving. They know what they're talking about: they're part of our team that hunts these malicious IDE extensions and gets them taken down. ▷ READ the article: checkmarx.com/zero-post/glas… #AppSec #DevSecOps #DevOps #ProductSecurity #Malware #VSCode
🚨 Axios Supply Chain Attack
A new supply chain attack has been identified targeting the widely used Axios package, introducing malicious code into published versions.
Compromised versions: axios: 1.14.1, 0.30.4
These compromised versions inject a malicious dependency: plain-crypto-js: 4.2.1
These malicious packages are already identified by our Malicious Package Identification API (MPIAPI), and flagged by Malicious Package Protection (MPP) during SCA scans, helping protect Checkmarx customers as the campaign evolves.
🔍 Why this matters
- Executes across dev, CI/CD, and production environments
- Enables outbound communication to attacker-controlled infrastructure
- Risks data exfiltration and remote payload execution
- High blast radius due to Axios adoption
🧪 How to check if you may be impacted
- Check installed versions: npm list axios / npm list plain-crypto-js
- Look for traffic to: sfrclak[.]com (142.11.206.73)
- Review logs for anomalies
🛡️ Recommended actions
- Remove affected versions immediately
- Pin dependencies to trusted versions
- Block known IOCs at network level
- Audit CI/CD pipelines for automatic updates
- Rotate credentials if exposure is suspected
This is another reminder that software supply chain attacks are increasingly targeting high-trust, widely used libraries.
#AppSec #SupplyChainSecurity #OpenSourceSecurity #DevSecOps #SCA #CyberSecurity #Axios
A critical unauthenticated #RCE vulnerability (CVE-2026-33017) has been identified in #Langflow. The /api/v1/build_public_tmp/{flow_id}/flow endpoint allows attackers to supply malicious flow data containing arbitrary Python code, which is executed via exec() without sandboxing. This results in full remote code execution without requiring authentication. Unlike previous fixes, this endpoint is intentionally public but improperly trusts user-controlled input. Stay safe by restricting access to public flow endpoints and avoiding untrusted flow data until a fix is available. devhub.checkmarx.com/cve-det…
🚨 #PhantomRaven update The Checkmarx Zero research team identified additional packages linked to the latest activity in this ongoing supply chain campaign. To support the security community and maintain transparency, we’re sharing an updated list of packages tied to the campaign, including previously reported packages and newly discovered ones identified by Checkmarx Zero. 📦 List of packages (previously reported newly discovered): 🔗 gist.github.com/cx-ricardo-g… #OpenSourceSecurity #SupplyChainSecurity #npm #Malware #AppSec #PhantomRaven
AI-based security review tools are fascinating, so of course we've been pushing them to discover their strengths and limits. One of our senior security researchers, Alon Lerner, noted that security review commands and tools in LLMs definitely sound very confident in their results. But that confidence is often unearned. LLM-based tools are probabilistic, require significant context to get meaningful results, and make important mistakes in analysis that can mislead AppSec teams and developers. But there's real value available to organizations that adopt these tools to augment their security programs. IF you understand the strengths and limitations and use them wisely. Learn more: checkmarx.com/zero-post/unea…
Whoever had "AI attacks against GitHub Actions" on their #AppSec bingo card won this last week with the "hackerbot-claw" thing. We cover that story and more:
🦞 OpenClaw had a vulnerability leading authenticated gateway users to be able to completely take over the host agents.
🤖 ModelScope MS-Agent bug (CVE-2026-2256) enabled OS command execution
🦠 "Contagious Interview" followup campaign got the "name and logo" treatment as StegaBin
🕸️ Popular WordPress extension SiteOrigin Page Builder didn't keep its template discovery well-contained (CVE-2026-2448)
For details on the hackerbot-claw campaign and those other stories, check out our latest Last Week In AppSec feature: checkmarx.com/zero-post/ai-f…
#LastWeekInAppSec #AISecurity #SupplyChainSecurity #ApplicationSecurity #Cybersecurity
📢 CVSS 10.0 Critical RCE disclosed in OpenClaw npm module prior to 2026.2.14
Remote Code Execution in openclaw results in full host takeover, exposed when an attacker manages to authenticate to the gateway, meaning this is an elevation of privilege allowing lateral movement and increased access. Fixed in openclaw@2026.2.14.
📦 github.com/advisories/GHSA-g…
#RCE #OpenClaw #Vulnerability #AISecurity
Following up on yesterday's alert regarding the reactivation of the "Contagious Interview" campaign on #npm, we've identified 18 new malicious packages. At the time of writing, three of them are still up in npm:
- chai-as-confirmed
- chai-as-refined
- js-nodecat
This time, some of these packages include variations with "chain", and other typosquatting names of known packages (e.g., argonnode instead of argon, js-nodecat instead of nodecat). Developers must stay vigilant:
🔍 Review your installed packages and dependencies carefully.
🚫 Do not install any package containing `smoke:pino` or `smoke:file` in the "scripts" section of package.json.
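As an added example (not Checkmarx's code and not part of either post), the two checks above turned into one small Node.js audit: it walks a package-lock.json (lockfileVersion 2/3) for the compromised axios and plain-crypto-js versions named in the Axios post, and scans a dependency's package.json "scripts" block for the `smoke:pino` / `smoke:file` markers named in the Contagious Interview post. The lockfile and package.json below are constructed sample inputs, not real project files.

```javascript
// Added example, not Checkmarx's code. Audits a package-lock.json "packages" map for the
// compromised versions named in the Axios post, and a dependency's package.json "scripts"
// block for the smoke:pino / smoke:file markers named in the Contagious Interview post.

// Compromised versions named in the Axios post.
const COMPROMISED = {
  axios: new Set(["1.14.1", "0.30.4"]),
  "plain-crypto-js": new Set(["4.2.1"]),
};
// Script markers named in the Contagious Interview post.
const SCRIPT_MARKERS = ["smoke:pino", "smoke:file"];

// Walk the lockfile "packages" map (lockfileVersion 2/3). Keys look like
// "node_modules/axios" or "node_modules/lib/node_modules/axios"; the package name
// (including any @scope/) is whatever follows the last "node_modules/". Nested
// copies are checked too, so a clean top-level axios does not hide a bad one.
function findCompromised(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    const bad = COMPROMISED[name];
    if (bad && bad.has(meta.version)) hits.push({ path, name, version: meta.version });
  }
  return hits;
}

// Flag "scripts" values that carry a known marker. Run this over each
// node_modules/<pkg>/package.json before trusting install-time scripts.
function findSuspiciousScripts(pkg) {
  const hits = [];
  for (const [script, cmd] of Object.entries(pkg.scripts || {})) {
    for (const marker of SCRIPT_MARKERS) {
      if (String(cmd).includes(marker)) hits.push({ script, marker });
    }
  }
  return hits;
}

// Constructed sample lockfile: clean top-level axios, a compromised nested copy,
// and the injected plain-crypto-js dependency.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.13.0" },
    "node_modules/some-lib/node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "4.2.1" },
  },
};
// Constructed sample dependency package.json with one marker-bearing script.
const SAMPLE_PKG = { scripts: { test: "mocha", postinstall: "node smoke:pino" } };

console.log(findCompromised(SAMPLE_LOCK));      // two hits: nested axios, plain-crypto-js
console.log(findSuspiciousScripts(SAMPLE_PKG)); // one hit: postinstall / smoke:pino
```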