Checkmarx Zero
@checkmarxzero.bsky.social
Specializing in breaking and protecting the building blocks of modern software development. From traditional #AppSec, through #opensource #SupplyChain threats, to #LLM security. https://checkmarx.com/zero/
🚨 #Windows users of #NPM systeminformation be aware of #CVE-2025-68154. The fsSize function is vulnerable to OS Command #Injection. The drive parameter is added to a PowerShell command directly, allowing arbitrary commands when user input hits fsSize(). Upgrade to v5.27.14

Details: buff.ly/xexR3dP
December 18, 2025 at 3:42 PM
And depending on the implementation, these risks can range from "we should have made this more clear" to "this is an outright deception". Ori Ron takes us past LITL into HITL dialog forging, and shows how two different AI agents (#ClaudeCode and #CopilotChat) try to address this issue. 🧵3/4
December 16, 2025 at 8:06 PM
Checkmarx Zero already showed you how #LiesInTheLoop (LITL) can compromise the utility of the Human-in-the-Loop safety systems AI agents provide.

But that's only the start of the risk. Those same HITL prompts can have other security risks lurking within them.🧵2/4
December 16, 2025 at 8:06 PM
‼️ A critical issue has landed for anyone building with Elysia.js. CVE-2025-66456 allows attackers to achieve remote code execution through a prototype-pollution pathway in certain schema-validation flows. buff.ly/RCQHiLI
#ElysiaJS #CVE202566456 #RCE #AppSec #NodeSecurity #TypeScript 🧵1/5
December 11, 2025 at 3:42 PM
🏰 Zitadel identity manager has 3 serious vulns to patch that could leave organizations at serious risk, including account takeovers and reading of sensitive data.

#SupplyChainSecurity #Vulnerability #ProductSecurity #InformationSecurity #CyberSecurity #Patch #Zitadel
December 10, 2025 at 10:08 PM
Running vLLM in production? There’s a crashing bug that can lead to DoS and even potential RCE. If you handle untrusted inputs, this one matters.
Details ➜ buff.ly/a5dVfj5
#vLLM #AIVulnerability #LLMSecurity #PyTorch #AppSec #DevSecOps
🧵1/4
November 21, 2025 at 5:15 PM
🚨 High-risk 7-Zip issue: CVE-2025-11001 enables directory traversal → remote code execution via crafted ZIPs containing malicious symlinks. Versions <25.00 are affected.
Admins and CI/CD owners should review immediately.
#7zip #RCE #DirectoryTraversal #AppSec #SoftwareSecurity
buff.ly/k6Tv0YL
🧵1/4
November 20, 2025 at 10:08 PM
A high-severity flaw in the glob NPM CLI (230M weekly downloads) enables command injection via malicious filenames.
CVE-2025-64756 (CVSS 7.5) details + fixes: buff.ly/Nwqkdfz
#NPM #JavaScript #OpenSourceSecurity #AppSec #SupplyChainSecurity
🧵1/4
November 19, 2025 at 3:42 PM
🚨 New activity in North Korea’s “Contagious Interview” NPM attack campaign — or at least the same tactics back in play. We’ve uncovered 13 additional malicious packages, on top of hundreds already disclosed.

#SupplyChainSecurity #NPM #CyberThreat #ContagiousInterview 🧵1/6
November 12, 2025 at 10:08 PM
🚨 Critical #Django #Vulnerability 🚨
CVE-2025-64459 (CVSSv3 9.1) → buff.ly/kfcbY7e

A newly disclosed flaw affects:
• 5.1 (< 5.1.14)
• 4.2 (< 4.2.26)
• 5.2 (< 5.2.8)
#AppSec #Python #WebSecurity 🧵1/5
November 7, 2025 at 4:23 PM
Seen the news about #PhantomRaven, the NPM malware campaign? Good news: Our Malicious Package Identification API already identifies relevant packages as malicious (see image for one example), and our Malicious Package Protection component has been flagging them during SCA scans. 🧵1/2
November 4, 2025 at 3:50 PM
🚨 A CVSSv3=10.0 #Vulnerability 🚨 in #DNN (Formerly DotNetNuke) versions prior to 10.1.1 allows unauthenticated users to upload files, even overwriting website assets and other critical components. This is a "the front door is unlocked" situation

CVE-2025-64095 -- buff.ly/UdKZLPl 🧵1/3
October 30, 2025 at 9:08 PM
#Vulnerability alert: Python's `langgraph‑checkpoint‑sqlite` version 2.0.10 — a component of the #langchain #AI project — is vulnerable to SQL injection in filter operators ($eq, $ne, $gt, $lt, $gte, $lte) due to unsafe string concatenation. Update to version 2.0.11 buff.ly/AjRM91E
October 30, 2025 at 2:42 PM
#Vulnerability: A path traversal in #ApacheTomcat (CVE-2025-55752, #CVSS v3=7.5) allows attackers to gain access to protected URLs including `/WEB-INF/` and `/META-INF/` paths. If PUT method is enabled, this issue could in some cases lead to remote command execution buff.ly/xpnvts6
October 29, 2025 at 9:08 PM
🥷 If you’re using #dotNET Core’s web server components, know about CVE-2025-55315 — an HTTP Request Smuggling vulnerability rated #CVSS 9.9.
Severity depends on how your apps handle requests, so calculate your environmental score carefully.
buff.ly/QHRV8ht
🧵1/5
October 24, 2025 at 9:08 PM
Ready for a new Branded Vulnerability™? #TARmageddon (CVE-2025-62518) affects the #Rust ecosystem's many forks of `async-tar`; it's a parsing bug for the .tar file format that allows all kinds of shenanigans: at worst even #RCE (Remote Code Execution).
#CyberSecurity #SupplyChainSecurity #SCA
October 23, 2025 at 8:00 PM
🚨 Adobe Commerce / #Magento just dropped the “most severe ever” flaw: #CVE-2025-54236.
Improper input validation → attackers can hijack other users’ sessions. For an #eCommerce platform, this means fraud + reputation damage.
Details: buff.ly/j3UDLHE 🧵1/4
September 11, 2025 at 5:22 PM
Heads up: Edgeless Systems’ #Contrast (v1.9.0–1.12.1) has a vuln regression leaking #secrets to logs (vault creds, encryption keys, workload secrets).
🔗 buff.ly/MQXOrcZ
#AppSec #Kubernetes #CloudSecurity 🧵1/3
September 4, 2025 at 2:42 PM
Someone didn't validate/sanitize incoming user-supplied payment IDs, leading to the flaw. #SQLi #AppSec #SQLinjection

If you use the Cozmoslabs WordPress Paid Membership Subscriptions plugin, update to 2.15.2 or newer. 🧵 2/2
September 2, 2025 at 9:08 PM
🐞 Pay close attention to Kubernetes CVE-2025-5187.
It’s rated Medium (CVSS 6.7), but it allows node users to delete their own nodes without permission — a handy privilege escalation for attackers to cover tracks or damage integrity. buff.ly/3a9hIcB

#Kubernetes #CVE #AppSec #CloudSecurity

🧵 1/2
September 1, 2025 at 2:12 AM
#LastWeekInAppSec for 19. August 2025: Code injection in AI Agent dev tool, path traversal in `go-getter`, model code injection protection bypass in TensorFlow Keras, and unsafe ImageMagick use in Rails Active storage buff.ly/clVmcTi 🧵 1/5
August 19, 2025 at 2:42 PM
Time for another #LastWeekInAppSec for 12. Aug 2025: ChatGPT-5 system prompt leaked, CISA supports CVE, and AppSec Village completes buff.ly/gsnpATQ
August 12, 2025 at 2:42 PM
We're very excited to be at #DEFCON again this year, with an event and a talk in the #AppSecVillage and shenanigans throughout the weekend. If you see one of us, come say "swordfish"
August 1, 2025 at 3:32 PM
Want to see a free, #OpenSource, developer-friendly tool for preventing secrets leaks? Checkmarx Zero's Tal Folkman will be on-site BlackHat #Arsenal (#BHUSA) to demo Too Many Secrets (2MS), available from buff.ly/Yng76l5

Mark your calendar! 2pm (local time) on 6th August, at Arsenal Station 5
July 31, 2025 at 2:13 PM
#CVE-2025-54381 #BentoML versions 1.4.0 to 1.4.18 are vulnerable to an unauthenticated Server-Side Request Forgery (#SSRF) due to improper validation of user-provided URLs in file upload handlers. CVSSv3 base 9.9, EPSS prediction 6.02% buff.ly/0zoOTvB (🧵 1/3)
July 30, 2025 at 3:53 PM