Checkmarx

Checkmarx is how the world’s largest enterprises can finally get ahead of application risk without slowing down development.

06/04/2025

Have you signed up for the Summit happening on June 24? Click over to http://checkmarx.ai/ and see what speakers Andrew Zigler, IDC's Katie Norton, Steve Yegge and Checkmarx leaders will be presenting on the dev and impact of agentic AI. 🎙️ Join us!

Discover how teams secure code without slowing down. Join devs, AppSec pros & leaders to explore autonomous security with demos, insights & more.

06/02/2025

This past week the Checkmarx Zero security research team "uncovered two malicious campaigns targeting Python and NPM users looking for the popular Colorama and Colorizr packages. Relying on & name-confusion, the threat actors uploaded multiple packages with names similar to legitimate PyPI and NPM ones."

Noteworthy stories that might have slipped under the radar: simple PoC code released for Fortinet zero-day, OpenAI O3 disobeys shutdown orders, source code of SilverRAT emerges online.

05/29/2025

"Darren Meyer, security research advocate at Checkmarx, said the attack appears to be targeting applications developers using hashtag , a widely-used Python package for colorizing terminal output and a similar JavaScript package on NPM. These malicious packages were uploaded to the hashtag repository." Checkmarx Zero security research in a story by Michael Vizard in DevOps.com https://devops.com/checkmarx-surfaces-malicious-effort-to-compromise-software-supply-chains/

Checkmarx has discovered malicious software packages that inject malware capable of bypassing endpoint security to exfiltrate data.

05/13/2025

The data is in: robust is increasingly becoming a business driver. “A new survey of 200 CISOs from across diverse industries and regions finds that 49% of CISOs say buyers now factor application security (AppSec) into their purchasing decisions.” Read all about our CISO survey research findings in this Beta News story by Ian Barker:

A new survey of 200 chief information security officers (CISOs) from across diverse industries and regions finds that 49 percent of CISOs say buyers now factor application security (AppSec) into th…

04/29/2025

At , our VP of Security Research Erez Yalon explained how bad actors can push LLMs off track by deliberately introducing false inputs, causing them to spew wrong answers in GenAI apps. Story by Neil Rubenking in PCMag.

At RSAC, a security researcher explains how bad actors can push LLMs off track by deliberately introducing false inputs, causing them to spew wrong answers in generative AI apps.

04/28/2025

AI-generated coding is here, ready or not, as our TechStrong panel is saying at RSA. Our Director of Product Growth Steve Boone says letting AI run much of the coding marathon, freeing devs to focus on critical remediation and finishing the last few miles can align AppSec with faster time-to-delivery.

04/18/2025

We know that many in the security community were concerned recently when it seemed that MITRE’s contract to operate the program was about to expire. Read our Zero team's response, why we support the need for MITRE and how we protect our customers even if the worst were to happen.

Checkmarx Responds to MITRE CVE Program Funding Challenges: Ensuring Continued Vulnerability Support

04/15/2025

According to Infoworld there was a 742% increase in software supply chain security attacks last year. You need to take a wider view across your SDLC because you never know where the next threat is coming from.

And it’s why GigaOm took a closer look at leading SSCS vendors to see who was really delivering. Here’s what they said:

"Checkmarx… should be licensed as a complete solution at the Professional and Enterprise tier, which will provide[s] the broadest range of features to secure the entire SDLC.."

In short, we help you see across the SDLC with holistic insights that allow you to keep track of vulnerabilities and always when they’re resolved.

Read the report and learn more:

Discover why Checkmarx was named a Leader in Software Supply Chain Security by GigaOm. Access the report and secure your software supply chain today!

04/04/2025

"As Ori Bendet, VP of product management at Checkmarx, highlights, 'With agentic AI, automated security is easy, securing the automation process is harder.' Ongoing testing and monitoring help ensure that AI systems remain secure as they evolve." Article by Tony Bradley in Forbes

Explore how agentic AI is transforming automation across industries, enhancing efficiency while addressing key security challenges with robust safeguards and human oversight.

04/02/2025

Vibe coding lets non-coders create applications using AI. Sounds great, but it also creates new security issues. Find out about the dangers that arise when everyone can be a developer in this new blog post from Ori Bendet https://checkmarx.com/blog/security-in-vibe-coding/

03/26/2025

Devs see Python as a safe space to evaluate code. But what if we told you that these controlled environments may be as fragile as glass? The Checkmarx Zero team takes a look at this potential vulnerability and how you can sandbox more securely.

Sandboxes in Python are more complex than they appear. Learn how we were able to use Python's object system to enable Remote Code Execution (RCE).

03/17/2025

Keys to staying on top of malicious code? "...SCA to identify known vulnerabilities in third-party software, container scanning to identify vulnerabilities in third-party packages within containers & malicious package threat intelligence that flags compromised components" -- our security research advocate Darren Meyer in CSO this past weekend

Malicious campaigns targeting code used by developers of AI applications underscore the need to develop comprehensive risk-based programs around software dependencies and components.

Address

140 E Ridgewood Avenue, South Tower, Ste 415
Paramus, NJ 07652
