Checkmarx Zero

What can you learn from n8n's OverDoS vulnerability? Mainly how to handle design decisions around implementing OpenID's DCR (Dynamic Client Registration). If you have an OAuth 2.0 enabled application, you might want DCR: but you also have to think it through! See more on our first-ever Substack post: "OverDoS: How OpenID bit n8n" -- https://t.co/bohkev0thn We'll show you how reasonable design decisions led to potential for a massive denial of service, and how the folks at n8n made small changes to dramatically reduce the risk.

A critical path traversal vulnerability (CVE-2025-15036) has been identified in MLflow with a CVSS score of 9.6. The extract_archive_to_dir function within mlflow/pyfunc/dbconnect_artifact_cache.py lacks validation of tar member paths during extraction. An attacker with control over a tar.gz file can exploit this to overwrite arbitrary files or gain elevated privileges, potentially escaping the sandbox directory entirely. This is especially dangerous in multi-tenant or shared cluster environments, and affects all versions before v3.7.0. Stay safe by upgrading to MLflow v3.7.0 or later and restricting access to untrusted tar.gz archives until you've patched. Path Traversal in mlflow - CVE-2025-15036 https://t.co/eM4jFimdJe

🚨Axios Supply Chain Attack A new supply chain attack has been identified targeting the widely used Axios package, introducing malicious code into published versions. Compromised versions: axios: 1.14.1, 0.30.4 These compromised versions inject a malicious dependency: plain-crypto-js: 4.2.1 These malicious packages are already identified by our Malicious Package Identification API (MPIAPI), and flagged by Malicious Package Protection (MPP) during SCA scans, helping protect Checkmarx customers as the campaign evolves. 🔍 Why this matters - Executes across dev, CI/CD, and production environments - Enables outbound communication to attacker-controlled infrastructure - Risks data exfiltration and remote payload execution - High blast radius due to Axios adoption 🧪 How to check if you may be impacted - Check installed versions: npm list axios / npm list plain-crypto-js - Look for traffic to: sfrclak[.]com (142.11.206.73) - Review logs for anomalies 🛡️ Recommended actions - Remove affected versions immediately - Pin dependencies to trusted versions - Block known IOCs at network level - Audit CI/CD pipelines for automatic updates - Rotate credentials if exposure is suspected This is another reminder that software supply chain attacks are increasingly targeting high-trust, widely used libraries. #AppSec #SupplyChainSecurity #OpenSourceSecurity #DevSecOps #SCA #CyberSecurity #Axios

AI-based security review tools are fascinating, so of course we've been pushing them to discover their strengths and limits. One of our senior security researchers, Alon Lerner, noted that security review commands and tools in LLMs definitely sound very confident in their results. But that confidence is often unearned. LLM-based tools are probabilistic, require significant context to get meaningful results, and make important mistakes in analysis that can mislead AppSec teams and developers. But there's real value available to organizations that adopt these tools to augment their security programs. IF you understand the strengths and limitations and use them wisely. Learn more: https://t.co/khjmDJOdUZ

📢 CVSS 10.0 Critical RCE disclosed in OpenClaw npm module prior to 2026.2.14 Remote Code Execution in openclaw results in full host takeover, exposed when an attacker manages to authenticate to gateway, meaning this is an elevation of privilege allowing lateral movement and increased access. Fixed in [email protected]. 📦 https://t.co/BNGE6Q4Gjx #RCE #OpenClaw #Vulnerability #AISecurity