Checkmarx Security Research Team
Thousands of Vibe-Coded Apps Exposing Corporate, Personal Data: RedAccess
Jeffrey Burt | | AI coding tools, AI security risks, Checkmarx Security Research Team, Data exposure, Data Leak Detection, RedAccess, Software Development, vibe coding tools
Cybersecurity startup RedAccess researchers found some 380,000 apps built with AI vibe coding tools from the likes of Lovable and Replit were publicly accessible on the open web and leaking sensitive corporate ...
Security Boulevard
Checkmarx Adds Vulnerability Correlation Engine to AppSec Portfolio
Michael Vizard | | Application Security, AppSec, Checkmarx Security Research Team, code scanning, static code analysis
At the RSAC 2022 conference, Checkmarx this week announced it has added a correlation engine to its application security portfolio that delivers the results of multiple static code and runtime scans in ...
Security Boulevard
CVE-2020-35774: twitter-server XSS Vulnerability Discovered
Dor Tumarkin | | Blog, Checkmarx Security Research Team, CVE-2020-35774, CxSCA, Open Source Security, Software Composition Analysis, Technical Blog, XSS
According to its official documentation, “twitter-server” is a Twitter OSS project used to provide a template from which servers at Twitter are built. It provides common application components such as an administrative ...
Drupal Core: Behind the Vulnerability
Dor Tumarkin | | Blog, Checkmarx Security Research Team, CVE-2020-13669, Drupal security analysis, Self-XSS, Stored-XSS, Technical Blog, XSS
As you may recall, back in June, Checkmarx disclosed multiple cross-site scripting (XSS) vulnerabilities impacting Drupal Core, listed as CVE-2020-13663, followed by a more technical breakdown of the findings in late November ...
Drupal Core: Behind the Vulnerability
Dor Tumarkin | | Blog, Checkmarx Security Research Team, CSRF, Drupal, Drupal security analysis, Reflected XSS, security vulnerability, Technical Blog
Earlier this year, the Checkmarx Security Research Team conducted an investigation of the new version of Drupal Core (Drupal 9) – a content management system (CMS) written in PHP – uncovering several ...
Cybersecurity Awareness Month Week 1: Day in the Life, Security Researcher
Cam Martin | | AppSec, Blog, Checkmarx Security Research Team, Cybersecurity Awareness Month, ncsam, Software Security
Welcome to week one of Checkmarx’s ‘Day in the Life’ Q&A series for Cybersecurity Awareness Month! Not familiar with what we have planned for October? More here! Have you ever wondered what ...
Privilege Escalation on Meetup.com Enabled Redirection of Payments
Erez Yalon | | Application Security Testing, Application Security Vulnerabilities, Blog, Checkmarx Security Research Team, CSRF, Exploitable Vulnerabilities, XSS
The Checkmarx Security Research Team recently audited the security of several high-profile websites, including Meetup.com. For those who are not familiar with Meetup.com, it allows users to create an event where people ...
Checkmarx Research: Smart Vacuum Security Flaws May Leave Users Exposed
Pedro Umbelino | | API security, Application Security Awareness, Application Security Vulnerabilities, Blog, Checkmarx Security Research Team, Technical Blog, vulnerable IoT objects
There is little doubt that today’s consumers have a tendency to choose convenience over security. When a shiny new gadget designed to make our lives easier finds its way to the consumer ...
Checkmarx Research: Apache Dubbo 2.7.3 – Unauthenticated RCE via Deserialization of Untrusted Data (CVE-2019-17564)
Dor Tumarkin | | Apache Dubbo, Apache Software Foundation, Application Security Awareness, Application Security Vulnerabilities, Blog, Checkmarx Security Research Team, Remote Code Execution Vulnerabilities, Technical Blog
Executive Summary Having developed a high level of interest in serialization attacks in recent years, I’ve decided to put some effort into researching Apache Dubbo some months back. Dubbo, I’ve learned, deserializes ...
Checkmarx Research: SoundCloud API Security Advisory
Paulo Silva | | Application Security Awareness, Application Security Vulnerabilities, Blog, Checkmarx Security Research Team, mobile app security, OWASP Top 10 API, research, Technical Blog
Recently, the Checkmarx Security Research team investigated the online music platform SoundCloud. According to their website, “As the world’s largest music and audio platform, SoundCloud lets people discover and enjoy the greatest ...