Developer teams worldwide are increasingly leveraging AI to accelerate the speed of software development. However, AI-generated code can bypass protocols from the security team, so developers may not be evaluating the code as often as they should. Snyk works alongside today’s modern development teams with the goal of harnessing the many benefits of AI-assisted coding, while also providing full trust that the code is secure.

The vulnerability lies in the way HTTP/2 implementations handle CONTINUATION frames, which are used to transmit header blocks larger than the maximum frame size. Attackers exploit this weakness by sending an excessive number of CONTINUATION frames within a single HTTP/2 stream. This flood of frames overwhelms the server's capacity to process them efficiently.

Unveiled on the 29th of March 2024 is the high-stakes investment and prolonged campaign by a malicious actor to plant a backdoor in the Linux software library liblzma to gain access to multiple operating systems via Linux distributions, which arguably worked out successfully. That is until a curious engineer noticed a glitch. Currently known affected upstream software and proposed mitigation.

Over the past few years, software supply chain security has been top of mind for governments and businesses alike. Following Log4Shell in late 2021, the Biden administration’s National Cybersecurity Strategy started focusing on open source supply chain security. The National Security Agency (NSA) recently released new guidance on securing open source software supply chains.

The AI revolution is reshaping industries, processes, and the very fabric of software development. As we navigate through this transformative era, it's crucial to understand not only the evolution and application of AI in software development but also the innovative ways in which Snyk, the industry-leading developer security platform, is harnessing AI to enhance security.

PHP is a popular server-side scripting language that is widely used for web development. PHP developers can ship and deploy more high-quality software products by leveraging static analysis tools that help mitigate PHP code errors, security vulnerabilities, and other issues that can impact the quality and security of the application if not addressed early in the development cycle.

With springtime just around the corner, there’s a lot to be excited about — warmer weather, longer days, and, most importantly, basketball! In honor of the upcoming March Madness tournament, we’ve put together our own dream team for AppSec. Read on to discover the all-star features in application security this year and how they can help your team get a slam dunk in protecting applications from code to cloud.

You may have encountered recent discussions and the official notice from NVD (National Vulnerability Database) regarding delays in their analysis process. This message was posted on the February 13: We want to assure you that these delays do not compromise the integrity or efficacy of Snyk's security intelligence, including the Snyk Vulnerability Database.

As open source software development continues to evolve, so does its susceptibility to cybersecurity threats. One such instance is the recent discovery of malware repositories on GitHub. In this cybersecurity attack, threat actors managed to upload malicious code onto GitHub, a platform that hosts millions of code repositories and is used by developers worldwide.

The Marvin Attack, named after the vulnerability it exploits, poses a significant threat to systems relying on RSA encryption and signing operations. It's a variation of the Bleichenbacher attack, which exploits errors in PKCS #1 v1.5 padding to perform adaptive-chosen ciphertext attacks. The attack leverages timing information obtained from RSA encryption or signing operations.