{"id":106953,"date":"2026-02-12T08:00:00","date_gmt":"2026-02-12T06:00:00","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?post_type=zero-post&#038;p=106953"},"modified":"2026-02-17T19:06:26","modified_gmt":"2026-02-17T17:06:26","slug":"last-week-in-appsec-for-12-feb-2026","status":"publish","type":"zero-post","link":"https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/","title":{"rendered":"Last Week in AppSec for 12. Feb 2026"},"content":{"rendered":"<h2 id=\"an-overview\" class=\"article-anchor\">An overview<\/h2>\n<p>\n  Two themes stood out last week in AppSec:\n  <strong>developers as a direct target<\/strong> (via package registries and IDE\n  tooling), and <strong>trust boundaries shifting<\/strong> (AI assistants and\n  \u201cskills\u201d ecosystems creating new places where untrusted content becomes\n  instructions).\n<\/p>\n<ul>\n  <li>\n    <p>\n      <strong>Malicious dYdX packages hit npm + PyPI and targeted developer\/ops\n        wallet credentials.<\/strong>\n      Teams that pulled the malicious packages into build\/automation flows or\n      installed them locally are directly affected. 
But AppSec and related teams\n      should understand this type of attack even if they weren\u2019t impacted this\n      time.\n    <\/p>\n  <\/li>\n  <li>\n    <p>\n      <strong>BeyondTrust pre-auth\n        <abbr title=\"Remote Command Execution\">RCE<\/abbr>\n        (OS command injection) in Remote Support \/ Privileged Remote\n        Access.<\/strong>\n      This is a \u201cpatch now\u201d remote-compromise-class issue for orgs exposing\n      these services (especially self-hosted).\n    <\/p>\n  <\/li>\n  <li>\n    <p>\n      <strong>\u201cMemory poisoning\u201d and recommendation poisoning for AI\n        assistants.<\/strong>\n      Attackers who can inject content into an assistant\u2019s long-term memory can\n      steer future actions and recommendations\u2014this is a governance +\n      product-security problem, not just \u201cprompt injection.\u201d\n    <\/p>\n  <\/li>\n  <li>\n    <p>\n      <strong>Malicious \u201cskills\u201d \/ agent add-ons: prompt-injection rates and outright\n        malicious entries.<\/strong>\n      The risk isn\u2019t only bad answers\u2014skills can become a <em>bridge<\/em> to\n      credentials, tools, and execution if your agent environment is permissive.\n    <\/p>\n  <\/li>\n  <li>\n    <p>\n      <strong>Docker Desktop for Windows local privilege escalation (incorrect\n        permissions).<\/strong>\n      Local privesc issues are frequently dismissed\u2014don\u2019t. 
On developer\n      workstations they\u2019re often the missing step after phishing\/infostealers.\n    <\/p>\n  <\/li>\n<\/ul>\n\n\n\n<h2 id=\"featured-item-malicious-dydx-packages-show-why-registry-trust-is-not-enough\" class=\"article-anchor\">\n  Featured item: Malicious dYdX packages show why registry trust is not enough\n<\/h2>\n<p>\n  Socket\u2019s Threat Research Team reported a supply-chain attack that published\n  <strong>malicious packages across both npm and PyPI<\/strong> targeting the\n  dYdX system for trading cryptocurrency and derivatives. While organizations\n  not engaging with dYdX aren\u2019t at risk, this targeted attack is another example\n  of how important it is for organizations to answer a very specific question:\n  <em>how quickly can your organization detect that a normal dependency update\n    introduced malicious code to your systems?<\/em>\n<\/p>\n<h3 id=\"what-the-issue-is\">What the issue is<\/h3>\n<p>\n  The attacker followed a common compromise pattern to compromise dYdX client\n  libraries across npm and PyPI simultaneously:\n<\/p>\n<ul>\n  <li>\n    <p>\n      Upload a new package update to a legitimate package using compromised\n      credentials of a legitimate maintainer.\n    <\/p>\n  <\/li>\n  <li>\n    <p>\n      Include a payload that attempts to\n      <strong>harvest secrets<\/strong> (mainly wallet credentials in this case)\n      and exfiltrate them\n    <\/p>\n  <\/li>\n  <li>\n    <p>Those secrets are then usable by the attacker whenever they wish.<\/p>\n  <\/li>\n<\/ul>\n<p>\n  Other similar attacks have been known to seek out some combination of CI\n  tokens, deployment keys, cloud service credentials, signing keys, and\n  production credentials; however, in this case the attackers focused on seed\n  phrases and device fingerprints 
that enable access to cryptocurrency wallets.\n<\/p>\n<p>\n  The package uploaded to PyPI also included a Remote Access Trojan (RAT) that\n  gives attackers on-demand access to the developer\u2019s workstation (or build\n  system) where the package is downloaded.\n<\/p>\n<p>\n  We don\u2019t know the attackers\u2019 motives for sure, but it\u2019s a good bet they targeted\n  these clients because they\u2019re involved in accessing between $200 million and\n  $540 million worth of transactions daily. Financial gain is a common and\n  compelling motivator for attackers to invest significant effort.\n<\/p>\n<h3 id=\"why-this-matters-to-appsec-and-developer-teams\">\n  Why this matters to AppSec and developer teams\n<\/h3>\n<p>\n  If a malicious dependency runs during install, build, or test, you are no\n  longer in \u201cvulnerability management\u201d mode\u2014you\u2019re in\n  <strong>incident response<\/strong> mode. Unlike a vulnerability, this isn\u2019t\n  something you can just shrug off. 
Risks of this type of attack include:\n<\/p>\n<ul>\n  <li>credential reuse into CI\/CD and cloud<\/li>\n  <li>tampering with build outputs<\/li>\n  <li>persistence via tokens, SSH keys, and org access<\/li>\n<\/ul>\n<h3 id=\"what-to-do-minimally-disruptive-high-impact\">\n  What to do (minimally disruptive, high impact)\n<\/h3>\n<ol type=\"1\">\n  <li>\n    <p><strong>Triage exposure fast<\/strong><\/p>\n    <ul>\n      <li>\n        <p>\n          Identify any developer machines and CI runners that installed the\n          malicious packages (dependency lock seeps into places you don\u2019t\n          expect).\n          <a href=\"\/cxsca-open-source-scanning\/\">Checkmarx\n            <abbr title=\"Software Composition Analysis\">SCA<\/abbr><\/a>\u2019s Global Inventory can assist in this.\n        <\/p>\n      <\/li>\n      <li>\n        <p>\n          Treat secrets present on those hosts as exposed until proven\n          otherwise.\n        <\/p>\n      <\/li>\n    <\/ul>\n  <\/li>\n  <li>\n    <p><strong>Rotate secrets from a known-clean environment<\/strong><\/p>\n    <ul>\n      <li>\n        Prioritize: repo\/CI tokens, cloud credentials, package publishing\n        tokens, signing keys, and any wallet\/private-key material used by\n        automation.\n      <\/li>\n    <\/ul>\n  <\/li>\n  <li>\n    <p><strong>Add guardrails that scale<\/strong><\/p>\n    <ul>\n      <li>\n        <p>\n          Enforce allow-lists \/ scoped registries for sensitive environments (CI\n          runners, release pipelines).\n        <\/p>\n      <\/li>\n      <li>\n        <p>\n          Block lifecycle scripts by default where feasible (or run them only in\n          hardened sandboxes).\n        <\/p>\n      <\/li>\n      <li>\n        <p>\n          Use\n          <abbr title=\"Software Composition Analysis\">SCA<\/abbr>\n          with a malicious package protection (MPP) capability, not 
just a CVE detector.\n        <\/p>\n      <\/li>\n      <li>\n        <p>\n          Use a proactive defense tool like Checkmarx\n          <a href=\"\/malicious-packages-identification-api\/\">MPIAPI<\/a>\n          to block known malicious packages.\n        <\/p>\n      <\/li>\n    <\/ul>\n  <\/li>\n<\/ol>\n<p>\n  For more detail (including IOCs and package identifiers), see\n  <a href=\"https:\/\/socket.dev\/blog\/malicious-dydx-packages-published-to-npm-and-pypi\">Socket\u2019s original report<\/a>.\n<\/p>\n\n\n\n<h2 class=\"article-anchor\" id=\"article-anchor-1\">\n  BeyondTrust pre-auth RCE is a \u201cpatch now\u201d for remote access infrastructure\n<\/h2>\n<div id=\"CVE-2026-1731\" class=\"cxzero-cve-block\">\n  <p>\n    <a href=\"https:\/\/devhub.checkmarx.com\/cve-details\/CVE-2026-1731\/\" class=\"vulnid\">CVE-2026-1731<\/a>\n    <span class=\"cvss critical\">CVSS v4.0 = 9.9<\/span>\n    <span class=\"vector\"><a href=\"https:\/\/www.first.org\/cvss\/calculator\/4-0#CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:H\/VI:H\/VA:H\/SC:L\/SI:H\/SA:L\/E:X\/CR:X\/IR:X\/AR:X\/MAV:X\/MAC:X\/MAT:X\/MPR:X\/MUI:X\/MVC:X\/MVI:X\/MVA:X\/MSC:X\/MSI:X\/MSA:X\/S:X\/AU:X\/R:X\/V:X\/RE:X\/U:X\">CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:H\/VI:H\/VA:H\/SC:L\/SI:H\/SA:L\/E:X\/CR:X\/IR:X\/AR:X\/MAV:X\/MAC:X\/MAT:X\/MPR:X\/MUI:X\/MVC:X\/MVI:X\/MVA:X\/MSC:X\/MSI:X\/MSA:X\/S:X\/AU:X\/R:X\/V:X\/RE:X\/U:X<\/a><\/span>\n  <\/p>\n<\/div>\n<p>\n  BeyondTrust disclosed a critical OS command injection leading to remote code\n  execution affecting <strong>Remote Support<\/strong> and certain versions of\n  <strong>Privileged Remote Access<\/strong>. 
The reported severity and\n  <em>pre-auth<\/em> nature make this an urgent item for teams with\n  internet-exposed instances.\n<\/p>\n<p>\n  <strong>Scope:<\/strong> users of affected BeyondTrust RS\/PRA versions,\n  particularly self-hosted deployments that are not automatically updated.\n<\/p>\n<p>\n  <strong>Impact:<\/strong> unauthenticated remote attackers may run commands and\n  compromise the system.\n<\/p>\n<p>\n  <strong>Action:<\/strong> patch immediately; validate whether the instance was\n  exposed, and review logs for anomalous process execution around the vulnerable\n  service.\n<\/p>\n<p>\n  Source for more information:\n  <a href=\"https:\/\/www.techradar.com\/pro\/security\/beyondtrust-rce-flaw-lets-hackers-run-code-without-logging-in\">TechRadar (referencing the vendor advisory)<\/a>.\n<\/p>\n<h2 id=\"memory-poisoning-is-becoming-a-real-control-boundary-problem-for-ai-assistants\" class=\"article-anchor\">\n  Memory poisoning is becoming a real control boundary problem for AI assistants\n<\/h2>\n<p>\n  Microsoft described \u201cAI Memory Poisoning\u201d as injecting unauthorized\n  instructions or \u201cfacts\u201d into an assistant\u2019s memory, which then influences\n  future responses and actions.\n<\/p>\n<p>\n  <strong>Scope:<\/strong> any workflow where assistants store durable\n  preferences, \u201cremembered\u201d instructions, or long-lived notes across sessions.\n<\/p>\n<p>\n  <strong>Impact:<\/strong> subtle and persistent steering\u2014recommendations,\n  policy decisions, and tool-use can drift in attacker-chosen directions without\n  an obvious one-time prompt injection event.\n<\/p>\n<p><strong>Action:<\/strong> treat memory as a governed datastore:<\/p>\n<ul>\n  <li>\n    limit what can be written to memory (and by whom\/what content sources)\n  <\/li>\n  <li>require user confirmation for memory writes in higher-risk contexts<\/li>\n  <li>log and review memory changes like you would configuration changes<\/li>\n<\/ul>\n<p>\n  
Source for more information:\n  <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/02\/10\/ai-recommendation-poisoning\/\">Microsoft Security blog<\/a>.\n<\/p>\n<h2 id=\"malicious-skills-ecosystems-are-turning-into-an-appsec-problem-not-just-ai-safety\" class=\"article-anchor\">\n  Malicious \u201cskills\u201d ecosystems are turning into an AppSec problem (not just AI\n  safety)\n<\/h2>\n<p>\n  Snyk reported large-scale issues in agent \u201cskills\u201d ecosystems (including\n  prompt injection prevalence and identification of malicious entries),\n  reinforcing a pattern: once an agent can call tools, a poisoned skill can\n  become an <strong>execution path<\/strong>.\n<\/p>\n<p>\n  <strong>Scope:<\/strong> teams adopting agent platforms that load third-party\n  skills\/connectors, especially where skills can reach CI, repos, ticketing, or\n  cloud APIs.\n<\/p>\n<p>\n  <strong>Impact:<\/strong> time-shifted prompt injection, logic-bomb behavior,\n  and tool misuse\u2014often without a traditional exploit.\n<\/p>\n<p><strong>Action:<\/strong> apply supply-chain rules to skills:<\/p>\n<ul>\n  <li>pin versions, require provenance, and review permissions<\/li>\n  <li>isolate tool credentials per-skill (least privilege)<\/li>\n  <li>block network egress from skill runtimes unless explicitly required<\/li>\n<\/ul>\n<p>\n  Source for more information:\n  <a href=\"https:\/\/thehackernews.com\/2026\/02\/researchers-find-341-malicious-clawhub.html\">The Hacker News<\/a>\n<\/p>\n<h2 id=\"docker-desktop-for-windows-local-privesc-dont-dismiss-workstation-privilege-bugs\" class=\"article-anchor\">\n  Docker Desktop for Windows local privesc: don\u2019t dismiss workstation privilege\n  bugs\n<\/h2>\n<p>\n  Trend Micro\u2019s ZDI published an advisory for\n  <strong>Docker Desktop for Windows<\/strong> involving incorrect permission\n  assignment leading to privilege escalation.\n<\/p>\n<p>\n  <strong>Scope:<\/strong> Windows developer endpoints running affected 
Docker\n  Desktop configurations.\n<\/p>\n<p>\n  <strong>Impact:<\/strong> local privilege escalation can be the step that turns\n  \u201cdeveloper got phished\u201d into \u201cattacker owns the workstation and steals\n  keys\/tokens\/signing material.\u201d\n<\/p>\n<p>\n  <strong>Action:<\/strong> patch Docker Desktop promptly on developer fleets,\n  and ensure endpoint hardening policies treat developer tooling as high-value\n  software.\n<\/p>\n<p>\n  Source for more information:\n  <a href=\"https:\/\/www.zerodayinitiative.com\/advisories\/ZDI-26-068\/\">ZDI advisory ZDI-26-068<\/a>.\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A targeted supply-chain attack pushed malicious dYdX packages to npm and PyPI, stealing wallet credentials and even deploying a RAT\u2014an urgent reminder that \u201cdependency updates\u201d can become incidents. Plus: a BeyondTrust pre-auth RCE worth patching immediately, emerging AI memory\/skills poisoning risks, and why local privesc on developer workstations (Docker Desktop) still matters.<\/p>\n","protected":false},"author":137,"featured_media":106954,"template":"","zero-category":[1176,1333],"zero-tag":[1342,1337],"class_list":["post-106953","zero-post","type-zero-post","status-publish","has-post-thumbnail","hentry","zero-category-security-blogs","zero-category-security-news","zero-tag-last-week-in-appsec","zero-tag-npm"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Last Week in AppSec for 12. Feb 2026 - Checkmarx<\/title>\n<meta name=\"description\" content=\"A targeted supply-chain attack pushed malicious dYdX packages to npm and PyPI, stealing wallet credentials and even deploying a RAT\u2014an urgent reminder that \u201cdependency updates\u201d can become incidents. 
Plus: a BeyondTrust pre-auth RCE worth patching immediately, emerging AI memory\/skills poisoning risks, and why local privesc on developer workstations (Docker Desktop) still matters.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Last Week in AppSec for 12. Feb 2026 - Checkmarx\" \/>\n<meta property=\"og:description\" content=\"A targeted supply-chain attack pushed malicious dYdX packages to npm and PyPI, stealing wallet credentials and even deploying a RAT\u2014an urgent reminder that \u201cdependency updates\u201d can become incidents. Plus: a BeyondTrust pre-auth RCE worth patching immediately, emerging AI memory\/skills poisoning risks, and why local privesc on developer workstations (Docker Desktop) still matters.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-17T17:06:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/cxzero-feature_2026-02-11_last-week-in-appsec.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1280\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/\",\"url\":\"https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/\",\"name\":\"Last Week in AppSec for 12. Feb 2026 - Checkmarx\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/cxzero-feature_2026-02-11_last-week-in-appsec.webp\",\"datePublished\":\"2026-02-12T06:00:00+00:00\",\"dateModified\":\"2026-02-17T17:06:26+00:00\",\"description\":\"A targeted supply-chain attack pushed malicious dYdX packages to npm and PyPI, stealing wallet credentials and even deploying a RAT\u2014an urgent reminder that \u201cdependency updates\u201d can become incidents. 
Plus: a BeyondTrust pre-auth RCE worth patching immediately, emerging AI memory\/skills poisoning risks, and why local privesc on developer workstations (Docker Desktop) still matters.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/cxzero-feature_2026-02-11_last-week-in-appsec.webp\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/cxzero-feature_2026-02-11_last-week-in-appsec.webp\",\"width\":2560,\"height\":1280,\"caption\":\"A vibrant, comic book-style illustration showing a conveyor belt with cardboard boxes, a glowing green jar labeled 'MEMORY', and bright green slime flowing onto digital devices displaying code. An old monitor shows a green skull. The scene depicts digital corruption or a cybersecurity threat, with Checkmarx and ZERO logos.\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. 
We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Last Week in AppSec for 12. Feb 2026 - Checkmarx","description":"A targeted supply-chain attack pushed malicious dYdX packages to npm and PyPI, stealing wallet credentials and even deploying a RAT\u2014an urgent reminder that \u201cdependency updates\u201d can become incidents. 
Plus: a BeyondTrust pre-auth RCE worth patching immediately, emerging AI memory\/skills poisoning risks, and why local privesc on developer workstations (Docker Desktop) still matters.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/","og_locale":"en_US","og_type":"article","og_title":"Last Week in AppSec for 12. Feb 2026 - Checkmarx","og_description":"A targeted supply-chain attack pushed malicious dYdX packages to npm and PyPI, stealing wallet credentials and even deploying a RAT\u2014an urgent reminder that \u201cdependency updates\u201d can become incidents. Plus: a BeyondTrust pre-auth RCE worth patching immediately, emerging AI memory\/skills poisoning risks, and why local privesc on developer workstations (Docker Desktop) still matters.","og_url":"https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_modified_time":"2026-02-17T17:06:26+00:00","og_image":[{"width":2560,"height":1280,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/cxzero-feature_2026-02-11_last-week-in-appsec.webp","type":"image\/webp"}],"twitter_card":"summary_large_image","twitter_site":"@checkmarx","twitter_misc":{"Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/","url":"https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/","name":"Last Week in AppSec for 12. 
Feb 2026 - Checkmarx","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/cxzero-feature_2026-02-11_last-week-in-appsec.webp","datePublished":"2026-02-12T06:00:00+00:00","dateModified":"2026-02-17T17:06:26+00:00","description":"A targeted supply-chain attack pushed malicious dYdX packages to npm and PyPI, stealing wallet credentials and even deploying a RAT\u2014an urgent reminder that \u201cdependency updates\u201d can become incidents. Plus: a BeyondTrust pre-auth RCE worth patching immediately, emerging AI memory\/skills poisoning risks, and why local privesc on developer workstations (Docker Desktop) still matters.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/zero-post\/last-week-in-appsec-for-11-feb-2026\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/cxzero-feature_2026-02-11_last-week-in-appsec.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/02\/cxzero-feature_2026-02-11_last-week-in-appsec.webp","width":2560,"height":1280,"caption":"A vibrant, comic book-style illustration showing a conveyor belt with cardboard boxes, a glowing green jar labeled 'MEMORY', and bright green slime flowing onto digital devices displaying code. An old monitor shows a green skull. The scene depicts digital corruption or a cybersecurity threat, with Checkmarx and ZERO logos."},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. 
We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-post\/106953","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-post"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/zero-post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/137"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/106954"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=106953"}],"wp:term":[{"taxonomy":"zero-category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-category?post=106953"},{"taxonomy":"zero-tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/zero-tag?post=106953"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}