Vulnerability

10 modern Node.js runtime features to start using in 2024

May 29, 2024 By Liran Tal In Snyk

The server-side JavaScript runtime scene has been packed with innovations, such as Bun making strides with compatible Node.js APIs and the Node.js runtime featuring a rich standard library and runtime capabilities. As we enter into 2024, this article is a good opportunity to stay abreast of the latest features and functionalities offered by the Node.js runtime.

Read Post

Snyk

Read more about 10 modern Node.js runtime features to start using in 2024

5 Things Holding Back Your Vulnerability Management Program and How to Overcome Them Step by Step

May 29, 2024 By Nucleus In Nucleus

Welcome to our latest vulnerability management webinar, hosted by Scott Kuffer and Gene Bandy. In this session, Scott and Gene dive deep into the complexities and challenges faced by organizations in managing vulnerabilities and what you can do about it. Key Topics Covered: Why Watch This Webinar? Don't forget to like, comment, and subscribe for more in-depth webinars and expert discussions on cybersecurity and vulnerability management!

View Video

Nucleus

Read more about 5 Things Holding Back Your Vulnerability Management Program and How to Overcome Them Step by Step

How to Validate URL or URI in JavaScript with Zod

May 29, 2024 By Snyk In Snyk

Watch the full video for more... About Snyk Snyk helps you find and fix vulnerabilities in your code, open-source dependencies, containers, infrastructure-as-code, software pipelines, IDEs, and more! Move fast, stay secure.

View Video

Snyk

Read more about How to Validate URL or URI in JavaScript with Zod

How to track down your expired domain names before hackers do

May 29, 2024 By Marcus White In Outpost 24

What happens when your organization’s domain name expires or changes? Expired domains don’t simply disappear, and they can even become attack routes into your organization. Recent news out of Belgium has highlighted the potential danger, with hundreds of expired domain names and email addresses of government services being found available for purchase online.

Read Post

Outpost 24

Read more about How to track down your expired domain names before hackers do

CyRC Vulnerability Advisory: CVE-2024-5185 Data Poisoning Vulnerability in EmbedAI Application

May 29, 2024 By Synopsys Editorial Team In Synopsys

The Synopsys Cybersecurity Research Center (CyRC) has exposed a data poisoning vulnerability in the EmbedAI application. EmbedAI allows users to interact with documents by utilizing the capabilities of large language models (LLMs). This vulnerability could result in an application becoming compromised, leading to unauthorized entries or data poisoning attacks.

Read Post

Synopsys

Read more about CyRC Vulnerability Advisory: CVE-2024-5185 Data Poisoning Vulnerability in EmbedAI Application

Ivanti EPM Cloud Services Appliance - Taking advantage of a backdoor to detect a vulnerability

May 28, 2024 By Diogo Ferreira & Fábio Freitas In BitSight

At Bitsight, part of the Vulnerability Research team's core work involves analyzing vulnerabilities in order to create detection capabilities that can be implemented on an Internet-wide scale.

Read Post

BitSight

Read more about Ivanti EPM Cloud Services Appliance - Taking advantage of a backdoor to detect a vulnerability

Top 9 Software Supply Chain Security Tools

May 28, 2024 By Avichay Attlan In Jit

Imagine this: an attacker sneaks a tiny backdoor into software that hundreds of companies use. It sounds like a plot from a spy movie, but it’s a real threat that recently impacted major Linux distributions through a compromised utility tool, XZ Utils. So far, in 2024, over 35 billion known records have been breached. The Linux attack, potentially in action and undetected since 2021, is just one of the many that highlight the alarming proliferation of supply chain attacks.

Read Post

Jit

Read more about Top 9 Software Supply Chain Security Tools

Fastify plugins as building blocks for a backend Node.js API

May 28, 2024 By Liran Tal In Snyk

In the world of building backend Node.js APIs, Fastify stands out with its plugin ecosystem and architecture approach, offering a compelling option beyond the conventional Express framework. This highly efficient, low-overhead web framework distinguishes itself through its remarkable speed and streamlined simplicity.

Read Post

Snyk

Read more about Fastify plugins as building blocks for a backend Node.js API

Understanding CVE-2024-32002: Git Remote Code Execution | Threat SnapShot

May 28, 2024 By SnapAttack In SnapAttack

Welcome to this week's episode of SnapAttack Threat Snapshot! In this video, we'll dive into CVE-2024-32002, a critical remote code execution (RCE) vulnerability in Git that leverages symlink handling in repositories with submodules. This vulnerability can be exploited through a simple git clone command, potentially allowing attackers to execute arbitrary code on the victim's machine. *Subscribe to SnapAttack for more in-depth analyses and real-world applications of cybersecurity defenses.*

View Video

SnapAttack

Read more about Understanding CVE-2024-32002: Git Remote Code Execution | Threat SnapShot

How to prevent SSRF Attacks in Node.js

May 27, 2024 By Snyk In Snyk

In today's video, we will be diving deep into keeping your Node.js applications secure from Server-side request forgery (SSRF). What are your experiences with SSRF? let us know in the comments below!

View Video