Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cursor IDE, as many are aware, is a fork of the open source and popular VS Code IDE project from Microsoft. Similarly to VS Code, Cursor has support for IDE extensions, which prompts many developers to migrate over with their favorite extensions and long-lived workflows, shortcuts, themes, and other configurations. Back in May 2021, Snyk’s Security Labs conducted research that uncovered VS Code extensions vulnerable to insecure code patterns.

Generative AI and Agentic AI are changing everything from who writes software to how we define secure architecture. At Snyk’s recent Lighthouse event in NYC, leaders from cloud, security, and development teams came together to answer one essential question: how do we move fast with AI without breaking trust? The answer? Start with visibility, bake in security by design, and never lose sight of the humans behind the code.

On July 19, 2025, Microsoft disclosed active exploitation of a zero-day vulnerability (CVE-2025-53770) affecting on-premises SharePoint Server instances. Originally, no patch was available for this vulnerability, but fixes were released late on the evening of July 20. CVE-2025-53770 is caused by the deserialization of untrusted data, allowing unauthenticated threat actors to execute code remotely over the network.

CrowdStrike is proud to be named a Strong Performer in The Forrester Wave: Unified Vulnerability Management Solutions, Q3 2025. We believe this recognition underscores the strength of CrowdStrike’s vision, the pace of our innovation, and the rapid adoption of CrowdStrike Falcon Exposure Management by customers transforming their vulnerability management, just 24 months after its launch.

A critical remote code execution vulnerability, CVE-2025-54309, has been identified in CrushFTP server, impacting versions prior to 10.8.5 and 11.3.4_23. This vulnerability exists when the DMZ proxy feature is not in use. It stems from improper validation in the AS2 (Applicability Statement 2) protocol over HTTPS, allowing unauthenticated remote attackers to gain administrative access to the system.

Microsoft recently disclosed a critical remote code execution (RCE) vulnerability in Microsoft SharePoint Server, tracked as CVE-2025-53770. This flaw has been actively exploited in the wild, making it a high-priority concern for enterprises relying on SharePoint for content management and collaboration. In this blog, we’ll unpack the technical root of the vulnerability, how exploitation works, the risks posed, mitigation steps, and what to do if you think you may be impacted. In this article.

A critical vulnerability in the popular Gravity Forms WordPress plugin has led to widespread malware injections across thousands of sites. The flaw is being actively exploited by threat actors, some of whom are inserting backdoors and malicious JavaScript into WordPress sites to carry out data theft, SEO poisoning, and client-side attacks.