Unearned Confidence: AI Security Reviewers Don't Really Get It - Checkmarx
AI-based security reviewers can be great helpers. But the gap between the certainty they express in their findings and the reality of their current capabilities can lead to problems. Understanding…
LLM-based tools are probabilistic, require significant context to get meaningful results, and make important mistakes in analysis that can mislead users.
But there's real value available IF you understand the strengths and limitations and use them wisely. Learn more: buff.ly/a6yvxiJ
05.03.2026 22:08
One of our senior security researchers, Alon Lerner, noted that security review commands and tools in LLMs definitely sound very confident in their results. But that confidence is often unearned.
05.03.2026 22:08
GHSA-gv46-4xfq-jv58 - GitHub Advisory Database
OpenClaw Vulnerable to Remote Code Execution via Node Invoke Approval Bypass in Gateway
CVSS 10.0 Critical RCE disclosed in OpenClaw prior to 2026.2.14
Results in full host takeover; exposed when an attacker manages to authenticate to the gateway, meaning this is an elevation of privilege allowing lateral movement and increased access.
Fixed in openclaw@2026.2.14.
buff.ly/SdbVpIJ
04.03.2026 15:20
👩🏼‍💻 Config files in repos can be hijacked, in some cases causing Claude Code to run malicious commands without prompting the user
GitHub Issues with hidden prompts that cause serious problems when starting Codespaces that include Copilot
Read more: buff.ly/jD3gRHj
#ClaudeCode #GitHubCopilot #AI
26.02.2026 22:08
Last Week in AppSec for 26. February 2026 - Checkmarx
Last Week In AppSec saw public disclosures relating to AI code assistants trusting context that can be attacker-controlled.
Last Week In AppSec we're seeing yet more ways in which researchers are able to trick AI code assistants by abusing trust in sources of context: like configuration files in code repositories and the contents of bug reports.
Read more: buff.ly/jD3gRHj
#ApplicationSecurity #LastWeekInAppSec #AI
26.02.2026 22:08
Claude Code Security, and the Claude Code "security-reviewer" feature it's based on, gains its best security capabilities from the Opus 4.6 model. Is this model living up to the hype?
buff.ly/f8MVM1Y
#ClaudeCode #ApplicationSecurity #AppSec #AI #LLM #AISecurity
26.02.2026 15:42
In that article, Darren lays out the problem as well as a strategy for putting controls in place that make your developers' lives easier while adding significant protection against the risk of #maliciousPackages through well-designed controls and lightweight policies
19.02.2026 14:37
Protecting yourself against malicious open-source packages
Malicious open-source packages like Shai-Hulud attack developers and infrastructure. But centralized package controls and API access to a malicious packages database can help protect you.
#Malware is targeting developers through #opensource libraries: we can't keep having our only response be telling devs to "be careful". And you can't just buy a product about it. You need a strategy for keeping your developers (and your CI/CD and production systems!) safe. buff.ly/Qbn7SGy
19.02.2026 14:37
⚪ CVE-2026-24513 is a bypass of the protection afforded by the "auth-url" ingress when a misconfiguration is in place.
04.02.2026 22:08
🔴 CVE-2026-1580 and CVE-2026-24512 allow for config #injection via the "nginx.ingress.kubernetes.io/auth-method" ingress annotation and the "rules.http.paths.path" ingress field, respectively.
🟡 CVE-2026-24514 is a #DoS in the ingress-nginx admission controller, triggered by sending large requests.
04.02.2026 22:08
GitHub - nginx/kubernetes-ingress: NGINX and NGINX Plus Ingress Controllers for Kubernetes
NGINX and NGINX Plus Ingress Controllers for Kubernetes - nginx/kubernetes-ingress
⏳ With EOL in March, Ingress #NGINX has 4 newly disclosed vulnerabilities:
#CVE-2026-1580, CVE-2026-24512, CVE-2026-24513, and CVE-2026-24514.
We recommend that you migrate to F5's NGINX Ingress: buff.ly/vqTJvPK
If you can't migrate yet, update to v1.14.3.
More details on each CVE below.
04.02.2026 22:08
We're constantly shutting down attacks on developers, including in the #VSCode marketplace and the OpenVSX marketplace. And we're super appreciative of the fast responses to our reports from their security teams. Working together makes the community safer!
30.01.2026 16:42
Last Week in AppSec for 29. January 2026 - Checkmarx
Denial of Service in Java SE and React server, and pnpm lets a directory traversal (Zip) slip in. Last week in AppSec.
Looking at the #LastWeekInAppSec, we see two widely-used application components with #DoS, and a nasty little path traversal in a package manager.
Details, mitigations, context for making risk-based decisions all on our blog: buff.ly/xL4NKOg
#React #NodeJS #Java #pnpm #npm #CVE #Vulnerability
29.01.2026 22:08
Did you know Checkmarx Zero has a newsletter? Avoid the whims of The Algorithm: get an email synopsis when new Checkmarx Zero research or analysis is published on our blog, plus subscriber-exclusive content.
Visit buff.ly/Ao3m5kC and click on the "Subscribe" control at the bottom.
28.01.2026 22:08
Exploit guidance from researchers or adversaries often increases the risk of exploitation in the future, accelerating development of adversarial automation. This data is important for defenders as well, but it's important to be mindful of the increased risk that comes with.
27.01.2026 15:42
Due to detailed #exploit guidance in the wild, the priority of patching this #Redis XACKDEL #vulnerability increased this week. CVE-2025-62507 buff.ly/NJvVjvS
‼️ If you haven't yet upgraded your Redis installs, you should increase the priority of that.
#CVE #ApplicationSecurity #ProductSecurity
27.01.2026 15:42
An email message, with personal information redacted, showing that Checkmarx Zero reached out to the VSMarketplace team on 31. Oct 2025 about the ChatMoss / WhenSunset extension's suspicious behavior
Yes, we heard about the #ChatMoss / #WhenSunset #VSCode extension that appears to be malicious. We reported it to the marketplace on 31. Oct 2025. It's not new, it's not news, but it is a good reminder to be cautious; marketplaces don't always remove sketchy extensions.
#Malware #SupplyChainSecurity
23.01.2026 17:45
As of 16. Jan 2026, this chart shows the number of #CVE submissions in "Awaiting Analysis" status in the US-NVD
Unless something changes with #NVD's capacity (which seems unlikely given NIST's current priorities), we as an industry need to find a different path. This isn't sustainable.
20.01.2026 14:53
Last Week in AppSec for 15. January 2026 - Checkmarx
Potentially serious flaws, depending on your uses, in sigstore, n8n, and pnpm made last week in appsec all about tools in the software supply chain.
This #LastWeekInAppSec is a great reminder that automation and dev tooling are part of an organization's attack surface. #Sigstore, #pnpm, and #n8n all have vulns to pay attention to, but (mostly) not panic over.
Should you worry? Read: buff.ly/ATRNVz3
#AppSec #ProductSecurity #DevSecOps #DevOps
15.01.2026 17:07
CVE-2026-22688: #CommandInjection in #MCP stdio configuration in #WeKnora. Authenticated users can inject commands into the MCP stdio settings, causing the server to create subprocesses and execute the injected commands. buff.ly/CyMafWP
Update to v0.2.5 or higher!
13.01.2026 22:08
🚨 Alert #WeKnora users! 2 High Severity #CVEs were released.
CVE-2026-22687: #SQLi in the Agent service DB query tool. Due to insufficient backend checks an attacker can use prompt-based bypass to avoid query restrictions and obtain sensitive information from the server and DB. buff.ly/kQXicrG
13.01.2026 22:08
HITL Dialog Forging (aka Lies-in-the-Loop) | OWASP Foundation
HITL Dialog Forging (aka Lies-in-the-Loop) on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
Checkmarx Zero has contributed some of our work on Lies-in-the-Loop to the OWASP foundation. Thanks to our own Ori Ron for the efforts there, and to the OWASP community for the review and process of getting this important attack pattern documented with OWASP
See: buff.ly/KNzcahw
13.01.2026 15:42
IoCs include
meow[.]undefined21[.]com:8040
c[.]undefined21[.]com:4444
ScreenConnect.ClientSetup.msi?e=Access&y=Guest
/tmp/.test.py
~/Library/LaunchAgents/com.example.testscript.plist
~/.config/systemd/user/testscript.service
%TEMP%\extension.bat
🧵 3/3
09.01.2026 18:12
Windows: drops UAC-elevated script, adds Defender exclusion & installs ScreenConnect from meow[.]undefined21[.]com:8040.
macOS & Linux: drops Python reverse shell to c[.]undefined21[.]com:4444.
🧵 2/3
09.01.2026 18:12
🚨 Malicious VS Code extension impersonating Solidity publishers: juanblan281.solid281 ; drops persistent remote-access kits on Windows, macOS, and Linux. If found on machines, quarantine and clean carefully. 🧵 1/3
#VSCode #Malware #AppSec #Developer #Solidity
09.01.2026 18:12
Last Week in AppSec for 08. January 2026 - Checkmarx
React2Shell keeps going, Shai-Hulud doesn't. MongoDB and RustFS have problems. AdonisJS could write arbitrary files. 08. January 2026: Last Week In AppSec
It's been a busy couple of weeks for #AppSec; including ongoing named vulns like React2Shell and MongoBleed, because what's a #vuln without a Brand™? Also AdonisJS, RustFS, and the Shai-Hulud that didn't happen
READ more: buff.ly/xbVornQ
#JavaScript #npm #MongoDB #React #Rust
08.01.2026 15:42
Unrestricted Upload of File with Dangerous Type in n8n - CVE-2026-21877 - DevHub
n8n is affected by an authenticated Remote Code Execution (RCE) vulnerability. Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service…
🚨 CVE-2026-21877: #RCE in #n8n via Arbitrary File Write
Authenticated users may upload crafted files that could trigger remote code execution, potentially leading to full instance compromise, affecting both self-hosted and cloud instances.
Patch version 1.121.3+.
More information:
07.01.2026 14:48