Checkmarx Zero
@checkmarxzero.bsky.social
Specializing in breaking and protecting the building blocks of modern software development. From traditional #AppSec, through #opensource #SupplyChain threats, to #LLM security. https://checkmarx.com/zero/
🚨 #Windows users of #NPM systeminformation be aware of #CVE-2025-68154. The fsSize function is vulnerable to OS Command #Injection. The drive parameter is added to a PowerShell command directly, allowing arbitrary commands when user input hits fsSize(). Upgrade to v5.27.14

Details: buff.ly/xexR3dP
December 18, 2025 at 3:42 PM
The very safeguards that your AI agents put in place to make sure you know what they're executing on your machine can be turned into weapons that put your data at risk. Read at Checkmarx Zero: buff.ly/uWNTb5O 🧵1/4
Turning AI Safeguards Into Weapons with HITL Dialog Forging - Checkmarx
Human-in-the-Loop safeguards can be turned against the users of AI agents. Learn how the concepts of Lies in the Loop and HITL Dialog Forging can be turned against developers using agentic AI code…
buff.ly
December 16, 2025 at 8:06 PM
A pentesting AI agent pwned with an HTML comment on a target server? That's actually kind of funny on the one hand, but deeply concerning on the other. CVE-2025-67511 references a critical, ‼️unpatched‼️ command injection issue in the CAI pentesting agent

Details and mitigation: buff.ly/x6gPiPf 🧵 1/4
Cybersecurity AI agent is Vulnerable to Command Injection (CVE-2025-67511) - Checkmarx
Cybersecurity AI agent for pentesting becomes a threat on its own, allowing attackers to inject malicious SSH hostnames in content to execute shell commands on the agent's host.
buff.ly
December 11, 2025 at 10:08 PM
‼️ A critical issue has landed for anyone building with Elysia.js. CVE-2025-66456 allows attackers to achieve remote code execution through a prototype-pollution pathway in certain schema-validation flows. buff.ly/RCQHiLI
#ElysiaJS #CVE202566456 #RCE #AppSec #NodeSecurity #TypeScript 🧵1/5
December 11, 2025 at 3:42 PM
🏰 Zitadel identity manager has 3 serious vulns to patch that could leave organizations at serious risk, including account takeovers and reading of sensitive data.

#SupplyChainSecurity #Vulnerability #ProductSecurity #InformationSecurity #CyberSecurity #Patch #Zitadel
December 10, 2025 at 10:08 PM
Checkmarx Zero researcher Bruno Dias takes a deep dive inside Shai-Hulud's maw to examine how the world's first worm wreaked havoc on the NPM ecosystem — twice.

Read "Inside Shai-Hulud's Maw": buff.ly/N5Men7d
Inside Shai-Hulud's Maw: How The NPM Worm Exploits And Propagates - Checkmarx
How the world's first NPM worm did its work, from exploitation to propagation in detail. Bruno Dias explores both the original Shai-Hulud worm and the "Second Coming" evolution, and breaks down each…
checkmarx.com
December 9, 2025 at 3:42 PM
🚨 CVE-2025-65959 | Open WebUI | Stored XSS via Notes PDF Download (High)
Malicious SVG/HTML in Markdown notes can execute JavaScript when downloaded as PDF, enabling session token theft. All users are at risk. Affects versions < 0.6.37.

buff.ly/EVaSAOB
buff.ly/RFK4ZIl
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2025-65959 - DevHub
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.37, a Stored XSS vulnerability was discovered in Open-WebUI's Notes PDF download…
devhub.checkmarx.com
December 8, 2025 at 9:52 PM
📣 Within hours of disclosure, threat actors began probing and exploiting #React2Shell (CVE-2025-55182), and the #CVE has now been added to CISA’s KEV catalog.

If you run React Server Components, Next.js, or dependent frameworks, patch immediately.

More details: buff.ly/PPd3QsF

#AppSec
React2Shell (CVE-2025-55182) Deserialization to Remote Code Execution in React and Next.js - Checkmarx
React2Shell (CVE-2025-55182) is a critical unauthenticated RCE vulnerability in React and Next.js caused by insecure deserialization, putting a large number of applications at immediate risk.
buff.ly
December 8, 2025 at 9:52 PM
We took down 6 more malicious #VSCode packages that seem to be an evolved brandjacking attack similar to the attack on Prettier we previously took down.

List of extensions and additional info: buff.ly/wxviY9d

#SupplyChainSecurity #DeveloperSecurity #ExtensionSecurity #VisualStudioCode
Taking Down More Malicious VSCode Extensions in the 'Prettier' Campaign - Checkmarx
As adversaries improve their tactics for getting malicious content into the Visual Studio Code Marketplace and Open VSX, Checkmarx Zero continues to defend the community. Here's the latest…
checkmarx.com
December 5, 2025 at 4:04 PM
#React2Shell is not to be underestimated: this RCE vulnerability in React also impacts Next.js, and can result in attackers executing arbitrary commands on your servers. It can be hard to be sure that you're not using the affected components, so upgrade as soon as you possibly can! buff.ly/PPd3QsF
React2Shell (CVE-2025-55182) Deserialization to Remote Code Execution in React and Next.js - Checkmarx
React2Shell (CVE-2025-55182) is a critical unauthenticated RCE vulnerability in React and Next.js caused by insecure deserialization, putting a large number of applications at immediate risk.
checkmarx.com
December 4, 2025 at 7:58 PM
#LastWeekInAppSec was a busy one! Not only did we have #ShaiHulud rear its head again, but a number of big patching efforts came up as well 🧵1/5

Get details and analysis here: buff.ly/T63yQWd
Last Week in AppSec for 02. December 2025 - Checkmarx
Last week in AppSec was busy; with Shai-Hulud 2, node-forge signature bypasses, Apache Syncope hard-coded AES key, renewed focus on libxml2 vulnerabilities, and some big patches from GitLab
checkmarx.com
December 1, 2025 at 8:11 PM
🚨 #CVE-2025-41115: critical vulnerability in #Grafana user identity handling. Update to the latest platform version.
#Vulnerable versions with #SCIM provisioning enabled can let a malicious SCIM client use a numeric “externalId” to override user IDs, risking impersonation or privilege escalation.
Incorrect Privilege Assignment - CVE-2025-41115 - DevHub
SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In…
buff.ly
November 25, 2025 at 10:08 PM
🚨 CVE-2025-62155 | New API — SSRF Redirect Bypass (High)

A new SSRF vulnerability in New API allows bypassing a previous fix using HTTP 302 redirects, enabling malicious requests to access internal resources by only validating the first URL.

Patch: Update to v0.9.6
buff.ly/iPMLSlT
November 25, 2025 at 3:42 PM
We just took down a particularly nasty piece of VSCode extension malware posing as a “Prettier” alternative. It deployed an Anivia Stealer variant that exfiltrates credentials and even private chat data. We got it down in 4 hours.
buff.ly/TRAMPpN
#VSCode #Malware #SupplyChainSecurity #AppSec 🧵1/5
Checkmarx Zero Takes Down Malicious “Prettier” Alternative Found In VSCode Marketplace - Checkmarx
Checkmarx Zero took down a malicious VSCode Extension posing as "Prettier Plus" (an apparent attempt to leverage Brandjacking of the legitimate and popular "Prettier").
checkmarx.com
November 21, 2025 at 10:24 PM
Running vLLM in production? There’s a crashing bug that can lead to DoS and even potential RCE. If you handle untrusted inputs, this one matters.
Details ➜ buff.ly/a5dVfj5
#vLLM #AIVulnerability #LLMSecurity #PyTorch #AppSec #DevSecOps
🧵1/4
November 21, 2025 at 5:15 PM
A CVSS 2.9 vulnerability in a dependency isn’t supposed to wreck availability… yet that’s exactly what happened to HAProxy. A “low-severity” supply-chain flaw escalated into a high-severity DoS risk. Curious how?
Read more: buff.ly/LSA5qfq
#AppSec #SupplyChainSecurity #DoS #HAProxy 🧵1/6
HAProxy Affected by Low-Severity Supply Chain Vulnerability, Leading To High-Severity Denial of Service (DoS) Risk - Checkmarx
A low-severity flaw in the mjson library quietly escalated into a high-impact DoS vulnerability across multiple HAProxy products. This incident exposes how outdated dependencies can silently…
checkmarx.com
November 21, 2025 at 4:42 PM
🚨 High-risk 7-Zip issue: CVE-2025-11001 enables directory traversal → remote code execution via crafted ZIPs containing malicious symlinks. Versions <25.00 are affected.
Admins and CI/CD owners should review immediately.
#7zip #RCE #DirectoryTraversal #AppSec #SoftwareSecurity
buff.ly/k6Tv0YL
🧵1/4
November 20, 2025 at 10:08 PM
A high-severity flaw in the glob NPM CLI (230M weekly downloads) enables command injection via malicious filenames.
CVE-2025-64756 (CVSS 7.5) details + fixes: buff.ly/Nwqkdfz
#NPM #JavaScript #OpenSourceSecurity #AppSec #SupplyChainSecurity
🧵1/4
November 19, 2025 at 3:42 PM
#LastWeekInAppSec brings two cases where “safe by design” didn’t hold up — an #NPM math sandbox with an RCE flaw, and an #AI workflow tool with dangerous password-change logic.

Full roundup:
buff.ly/YrPW8GN

🧵1/4
checkmarx.com
November 18, 2025 at 2:07 PM
VSCode extensions can be malicious?! Yep: and Checkmarx Zero works to identify them and take them down. Two of our researchers dive into an older finding to show you how these extensions trick developers and abuse their trust. And how we got them taken down.
buff.ly/VnHjSrH
How we take down malicious Visual Studio Code extensions - Checkmarx
Checkmarx Zero exposes how malicious Visual Studio Code extensions infiltrate the software supply chain — from brand impersonation and data exfiltration to payload staging. The team details how they…
checkmarx.com
November 17, 2025 at 3:42 PM
🚨 New activity in North Korea’s “Contagious Interview” NPM attack campaign — or at least the same tactics back in play. We’ve uncovered 13 additional malicious packages, on top of hundreds already disclosed.

#SupplyChainSecurity #NPM #CyberThreat #ContagiousInterview 🧵1/6
November 12, 2025 at 10:08 PM
☔️ #LastWeekInAppSec (Nov 11) highlights two low-severity issues with interesting implications for real-world #AppSec and #DevSecOps.
🔗 buff.ly/wN1crc3
🧵1/4
November 11, 2025 at 3:42 PM
🚨 Critical #Django #Vulnerability 🚨
CVE-2025-64459 (CVSSv3 9.1) → buff.ly/kfcbY7e

A newly disclosed flaw affects:
• 5.1 (< 5.1.14)
• 4.2 (< 4.2.26)
• 5.2 (< 5.2.8)
#AppSec #Python #WebSecurity 🧵1/5
November 7, 2025 at 4:23 PM
BleepingComputer reports a new malware campaign (#SesameOp) abusing #OpenAI APIs as a #C2 channel — turning AI assistants into control and exfiltration tools.
buff.ly/4ay9Kvz
#AIsecurity #CyberSecurity #AppSec #ThreatIntel 🧵1/3
Microsoft: SesameOp malware abuses OpenAI Assistants API in attacks
Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel.
www.bleepingcomputer.com
November 5, 2025 at 3:42 PM
What breached orgs say: “it was a highly skilled attack by an advanced threat”

What actually happened: www.pcgamer.com/software/sec...
Post-heist reports reveal the password for the Louvre's video surveillance was 'Louvre,' and suddenly the dumpster-tier opsec of videogame NPCs seems a lot less absurd
Is leaving the safe combination on a post-it note that much worse?
www.pcgamer.com
November 5, 2025 at 12:26 PM