In the vast world of cybersecurity, as technologies evolve, so do the methods attackers employ to compromise systems. One such intriguing method that recently surfaced is MySQL servers, leveraging SQL commands to stealthily infiltrate, deploy, and activate malicious payloads. Let's delve deeper into the MySQL bot infection process and explore the intricacies of its operation.

Misconfigurations leave the door open to cybercriminals, which can lead to a range of serious problems, unauthorized access, loss of sensitive information, and disruption of services. In fact, many major data breaches are caused by misconfigurations. Alert to these dangers, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) recently released a joint advisory to warn about the most common cybersecurity misconfigurations in large organizations.

We’ve made several improvements to the attack surface data visible from the overview, such as new IPs and both covered and uncovered assets. We’ve also improved your interaction with fingerprinted technologies across your attack surface.

Ready to go truly passwordless? Starting today, anyone can join our public beta and create a new 1Password Individual account using a passkey.

With over 50,000 in attendance, AWS re:Invent 2023 had generative AI taking center stage at keynotes, race cars, and robots wowing at the Expo. Once again, Snyk showed up in a big way. Some of our highlights included being awarded the AWS ISV Partner of the Year in EMEA and UKI, achieving AWS Security Competency, and several new integrations with AWS services. Best of all, we got to meet all of you!

The landscape of coding is changing as developers embrace AI, automation, microservices, and third-party libraries to boost productivity. While each new approach enhances efficiency, like a double-edged sword, flaws and vulnerabilities are also introduced faster than teams can fix them. Learn about one of the latest innovations solving this in a recap of what our security experts discussed at AWS re:Invent 2023.

Software package hijacking has become a prominent concern for individuals, businesses, and the cybersecurity community at large. We’ve seen this new threat trend rise over the past couple of years, with the potential to severely impact the software supply chain by attackers exploiting software packages to execute malicious code. This blog post details a case study conducted by our security research team, in an effort to trace the typical time before a package hijack is detected.