Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Dive into AI and LLM learning with the new Snyk Learn learning path

Snyk Learn, our developer security education platform, just got better! We have expanded our lesson coverage and created a new learning path that covers the OWASP Top 10 for LLMs and GenAI, and is entirely free! As AI continues to revolutionize industries, ensuring the security of AI-driven systems has never been more critical.

The First Step in Creating an Offensive Security Program: Managed Vulnerability Scanning

An offensive security program is an excellent component of a mature cybersecurity program, but kicking off that process can be overwhelming for some organizations. After all, offensive security has several components, such as Penetration Testing, Red Team exercises, incorporating threat intelligence, etc., so it can be hard to decide where to start. The answer to this dilemma starts with Managed Vulnerability Scanning (MVS).

Meet Snyk for Government: Our developer security solution with FedRAMP ATO

The Snyk team is excited to announce that our FedRAMP sponsor, the Center for Medicare and Medicaid (CMS), has granted authorization (ATO), enabling their teams to leverage our public sector offering, Snyk for Government (SFG). This stage signifies that we are almost at the finish line of the FedRAMP process and points to our continued investment and support of public sector organizations in their application security efforts.

Windows Vulnerability Exploited Using Braille 'Spaces' in Zero-Day Attacks

A recently addressed Windows MSHTML spoofing vulnerability, tracked as CVE-2024-43461, has been revealed to have been actively exploited in zero-day attacks by the Advanced Persistent Threat (APT) group, Void Banshee. Initially unmarked as exploited, Microsoft later updated its advisory to confirm that the vulnerability had been abused in attacks prior to its fix.

Want to avoid a data breach? Employ secrets detection

As a software developer, ensuring the security of your applications is paramount. A crucial part of this task involves managing secrets and employing a secrets detection tool. In this context, secrets refer to sensitive data such as API keys, database credentials, encryption keys, and other confidential information. Their unauthorized access or exposure can lead to catastrophic consequences, including data breaches and severe business losses.

Disable SSLv2: When older is not better

Secure Sockets Layer (SSL) is a technology that encrypts data sent between a user's browser and a website or application on a server. The purpose of SSL is to secure the information preventing eavesdropping and tampering. Originally released in 1995, SSLv2 is a protocol used to encrypt data sent over the internet, ensuring that the information remains private and secure.

How Cyber Threats Impact Route Optimization

In 2024, cyber threats cast a shadow over how we navigate roads. Imagine hackers hijacking smart vehicles or manipulating traffic grids to cause chaos. You might wonder how route optimization software keeps you safe and efficient amidst these risks. Here's where enterprise solutions shine. They fortify GPS technology against potential intrusions. But there's more than just defense; they enhance your fleet's performance too.

4 Simple Steps to Implement Risk-Based Vulnerability Management

Imagine if your fire alarm sensor went off every time you burned your toast or lit candles on a birthday cake. After a few false alarms, you’d probably start ignoring them or even turn your sensor off just to get some peace. This is what many information security teams are experiencing with vulnerability alerts.

Top 8 Vulnerability Management Challenges and How to Overcome Them

The State of Application Security report shows that over 2.37 billion attacks were blocked on AppTrana WAAP from April 1, 2024, to June 30, 2024. Attacks targeting vulnerabilities surged by 1,200% in Q2 2024 compared to last year, an alarming fact. This sharp rise highlights that vulnerabilities are the prime target. Moreover, they are now easily exploitable thanks to readily available scripts on known vulnerabilities. This could be because of rapid adoption of AI and LLM models even among hackers.