Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Let’s explore the critical role of Modbus in energy and manufacturing systems, then demonstrate real-world exploitation techniques using Docker-based simulations and the custom-built Python tool M.A.T.R.I.X. The danger here is an attacker who gains unauthorized access to a misconfigured Modbus TCP server can send malicious write commands to turn coils ON or OFF, thereby illegally activating or deactivating physical devices.

Software vulnerabilities are an unfortunate reality of enterprise IT. New vulnerabilities are being discovered all the time, and while most will never be exploited by an adversary, without a program to quickly discover and remediate high-priority vulnerabilities, organizations are putting themselves at risk.

As of early May 2025, Arctic Wolf has observed exploitation in the wild of CVE-2024-7399 in Samsung MagicINFO 9 Server—a content management system (CMS) used to manage and remotely control digital signage displays. The vulnerability allows for arbitrary file writing by unauthenticated users, and may ultimately lead to remote code execution when the vulnerability is used to write specially crafted JavaServer Pages (JSP) files.

Snyk Learn, our developer security education platform, now includes lessons on risks in open source software! Check out the new learning path that covers the OWASP Top 10 risks for open source software. Open source software forms the backbone of today’s digital infrastructure. From libraries and frameworks to entire platforms, open source is everywhere. But as a famous uncle once said, with great power comes great responsibility!

The 2025 edition of Verizon’s Data Breach Investigations Report (DBIR) shows a new reality: about one in five confirmed breaches now starts with exploitation of a software vulnerability, a 34 percent jump over the previous year and the first time the vector has surpassed phishing.

It’s easy to think of ISO 27001 as a simple checkbox requirement to get through quickly. Still, technical vulnerabilities in constantly changing environments require more than short-term fixes, as ISO 27001 requires a structured approach for managing them specifically. Here’s the kicker: 60% of breaches exploited known vulnerabilities for which patches were available, but were either delayed or missed. Although the policy may exist, its execution often falls short in the details.

A quarter century ago, a former computer science student from the Philippines accidentally unleashed one of the most destructive computer viruses in modern history.

The rapid adoption of AI coding assistants is transforming software development in ways both good and bad. Developers can produce more code faster than ever with AI, and 96% of developers report using AI coding assistants to streamline their work. AI code generation is becoming mainstream, and in late 2024, Google reported that AI writes more than 25% of its code. While GenAI tools increase productivity, they’re also creating more work for application security teams.