Security researchers and AppSec leaders are invited to explore research and contribute to vulnerability database
Checkmarx, a leading force in cloud-native application security, has introduced a groundbreaking collaborative research hub under its security research division, Checkmarx Zero. This initiative aims to advance application security (AppSec) by fostering collaboration within the cybersecurity community.
Enhancing AppSec Through Collective Research
Checkmarx VP of Security Research Erez Yalon stated, “The Checkmarx Zero team has always shared our findings with others in the research community within our blog and at more than 100 conference sessions. We invite other AppSec and software supply chain security researchers to explore our vulnerability research and to contribute their own findings as we work together to keep our organizations safe.”
A Hub for Unparalleled Security Insights
The Checkmarx Zero research hub offers an extensive database of security vulnerabilities and threat intelligence, built on years of dedicated research. Key highlights include:
- Over 200 vulnerabilities analyzed and curated every month
- More than 130 zero-day vulnerabilities identified
- Comprehensive research reports detailing malicious package names and indicators of compromise (IOCs)
Also Read: Orca Security Boosts Cloud-Native App Protection
Notable Discoveries and Impactful Research
Checkmarx Zero has been instrumental in uncovering critical vulnerabilities and cybersecurity threats. Some of its most significant findings include:
- A vulnerability in Amazon Ring that could have enabled unauthorized access to users’ camera recordings.
- A large-scale attack campaign led by the group known as RED-LILI, which deployed hundreds of malicious packages targeting the Node Package Manager (NPM) ecosystem, affecting Azure and other developers.
- The first documented software supply chain attacks specifically aimed at the banking industry.
By launching this collaborative AppSec research hub, Checkmarx Zero reinforces its commitment to proactively identifying and mitigating cybersecurity risks. This initiative not only empowers security professionals with valuable threat intelligence but also fosters a more resilient digital ecosystem.