Cybercriminals never sleep. Why? They're too busy looking for application vulnerabilities. In the world of cybercrime, a flawed application is a potential goldmine for them, but an onramp to disaster for most organizations.

Snyk Code support for PHP vulnerability scanning is now available in beta. Now security issues in PHP code can be identified quickly and easily. To get started, log into Snyk or sign up for a free account. Once logged in on the dashboard, click on the Add Project button in the top right corner and connect to a repository you want to scan.

On August 21, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) released an urgent notice related to the exploitation of ProxyShell vulnerabilities ( CVE-2021-31207 , CVE-2021-34473 , CVE-2021-34523 ). By chaining these vulnerabilities together, threat actors are compromising unpatched Microsoft Exchange servers and gaining footholds into enterprise networks.

As organizations move their infrastructure to the cloud, payment data are being exposed unknowingly leading to high profile data breaches. Find out how the new guidance from PCI Security Standards Council (PCI SSC) and Cloud Security Alliance (CSA) can help protect your cardholder data in the cloud.

Vulnerability management is a full-time occupation. This cybersecurity function is iterative and involves constant monitoring, documentation, and review. From updating your software to recording new patches, vulnerability management is a constant process that benefits from automated tools like Nightfall . Here’s how vulnerability management works, the ins and outs of the vulnerability management life cycle, and best practices to implement at your organization.

Recently, Snyk added Social Trends to its vulnerability data . This new indicator shows you what vulnerabilities are trending so you can better prioritize remediation. Our research team found out that there is a strong correlation between socially trending vulnerabilities and the existence of exploits that can actually harm your application.

During a recent client engagement, the DGC penetration testing team identified a previously unknown vulnerability affecting the Autodesk Licensing Service, a software component bundled with nearly all licensed Autodesk products. The vulnerability exists in a software component common to most Autodesk products and impacts nearly all organizations using licensed Autodesk software in any capacity.

Even the most secure IT system can have vulnerabilities that leave it exposed to cyber attacks. Constantly changing network environments, social engineering schemes, and outdated or unpatched software are all threats that call for routine vulnerability testing. Vulnerability testing, also called vulnerability assessment or analysis, is a one-time process designed to identify and classify security vulnerabilities in a network.

On July 14, 2021, WooCommerce issued an emergency patch for a critical vulnerability allowing an unauthenticated attacker to access arbitrary data in an online store’s database. WooCommerce is one of the most popular e-commerce platforms in the world and is installed on over five million websites. Additionally, the WooCommerce Blocks feature plugin, which is installed on more than 200,000 sites, was affected by the vulnerability and was patched at the same time.