Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Recently, Sysdig published a blog post about the ways businesses can harden their LLM-based AI applications using the OWASP Top 10 for Large Language Models. So why are we writing about MITRE ATLAS, and how is this any different from the OWASP Top 10 for LLMs?

Vulnerability management is often a complex task, particularly when using multiple scanning tools or dealing with the constant flow of new CVEs. Different scanners can uncover the same vulnerability but provide different insights or look at different metadata, making it look like one vulnerability is several without the proper context. We are excited to introduce the Nucleus CVEs Page, designed to enhance how your organization manages vulnerabilities across projects.

This story starts when Sébastien Lorber, maintainer of Docusaurus, the React-based open-source documentation project, notices a Pull Request change to the package manifest. Here’s the change proposed to the popular cliui npm package: Specifically, drawing our attention to the npm dependencies change that use an unfamiliar syntax: Most developers would expect to see a semver version range in the value of a package or perhaps a Git or file-based URL.

The Common Unix Printing System (CUPS), a standard component in nearly every Unix-like and Linux system, has recently come under scrutiny due to a series of critical vulnerabilities discovered by security researcher Simone Margaritelli. These issues, collectively known as the CUPS vulnerability, expose Linux and Unix environments to potential remote code execution and information disclosure risks.

Managing vulnerabilities across multiple domains, and especially application security, is a challenging task for enterprise organizations. Security teams often find themselves grappling with fragmented tools and data, leading to inefficiencies and potential blind spots. Seemplicity’s recent integration with Ox Security addresses this issue directly, offering a unified approach to vulnerability management that bridges the gap between security, development, and operations teams.

What are some of the growing cybersecurity risks in the modern software development landscape that keep CISOs busy? Developers and security teams face an ever-increasing array of threats, from sophisticated open source and vendor-controlled supply chain attacks to vulnerabilities introduced by AI-generated code like prompt injection and poor code security by GitHub Copilot.

Snyk, a leading provider in developer security, is excited to share that we’ve been named a Customers’ Choice in the 2024 Gartner Peer Insights Voice of the Customer for Application Security Testing for a third consecutive year. Gartner defines the Application Security Testing category as products and services designed to analyze and test applications for security vulnerabilities. This distinction is based on meeting or exceeding user interest, adoption, and overall experience.

CVE-2024-7594 is a severe unrestricted authentication issue affecting HashiCorp’s Vault’s SSH secrets engine. The National Institute of Standards and Technology (NIST) has not yet evaluated this vulnerability’s CVSS score but HashiCorp assigned it a base score of 7.5 (high). An outside security researcher, Jörn Heissler, discovered an issue with the valid_principals field in Vault’s SSH secrets engine.