Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Is Claude Sonnet 4.5 the BEST AI Coding Tool?!
Is Claude Sonnet 4.5 the BEST AI Coding Tool?!
Phishing Campaign Leveraging the NPM Ecosystem
In October 2025, researchers uncovered a phishing operation that weaponizes the npm ecosystem, but this time not to infect developers at install time, but rather to host and deliver phishing scripts via the trusted unpkg.com CDN.
Get Access to Claude Sonnet 4.5 in VSCode!
Get Access to Claude Sonnet 4.5 in VSCode!
Is This the Best Coding Model in the World? Claude Sonnet 4.5
In this episode of our AI Coding Tools series, we test Claude Sonnet 4.5 to see if it can build a secure note-taking app. The model claims to be the best in the world — but does it live up to the hype? We’ll cover how it codes, where it shines (or struggles), and how it stacks up against other AI coding assistants.
The case against secrets in .env files
Most developers rely on.env files to store secrets like API keys, database passwords, and tokens. But what if I told you this common practice can leave you wide open to attacks? In this video, I break down why storing secrets in a.env file is dangerous, how attackers can exploit it, and what safer alternatives you should be using instead.
Malicious MCP Server on npm postmark-mcp Harvests Emails
On September 25, 2025, the npm package postmark-mcp, an MCP (Model Context Protocol) server intended to let AI assistants send emails via Postmark, was reportedly modified to secretly exfiltrate email contents by adding a blind-copy (BCC) to an external domain. Current analysis suggests the behavior began around 1.0.16 and persisted in later versions.
The Difference Between Vibe and Spec Coding
The Difference Between Vibe and Spec Coding.
How Snyk Learn Helps You Meet PCI DSS v4.0 Developer Training Requirements
As businesses strive to secure sensitive cardholder data and stay compliant with Payment Card Industry Data Security Standard (PCI DSS) v4.0.1, one of the most overlooked areas is developer training. The latest version of the PCI DSS places clear emphasis on ensuring developers are not only residually aware of security best practices, but are actively trained to build secure software and detect vulnerabilities. This is where Snyk Learn comes in.
Snyk Ranked #51 on 2025 Forbes Cloud 100 List
We’re thrilled to share that Snyk has, for the sixth time and fifth consecutive year, been named to the Forbes Cloud 100 ranked at, recognizing the world’s most innovative private cloud companies. This year’s recognition is especially meaningful, reflecting the bold step we took in May to launch the AI Trust Platform, reorienting Snyk around a single mission — securing the future of AI-native software development.