Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the age of AI-driven development, speed is the new baseline. But as AI agents accelerate the pace of coding, they also amplify the risk of security bottlenecks. At Snyk, we believe a superior Developer Experience (DX) is the only way to secure this new frontier. DX is not just a layer on top of the product. It is the foundation that allows developers to unleash AI innovation securely. We think of DX as a system of decisions that compound over time.

On March 23, 2026, Cloud Software Group (Citrix) published a security bulletin disclosing two vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Both affect customer-managed on-premises deployments; Citrix-managed cloud services and Adaptive Authentication instances have been updated automatically. CVE-2026-3055 is an out-of-bounds read resulting from insufficient input validation in NetScaler ADC and NetScaler Gateway.

Zero-day exploits rarely announce themselves. There is no public advisory yet. No CVE identifier. No detection signature sitting inside a rule library. The vulnerability exists quietly until someone discovers it and unfortunately attackers often discover it first. Once that happens, the exploit becomes a test of visibility. Attackers do not usually rush into environments using zero-days. They explore carefully. They check which systems respond. They observe how security tools behave.

Cyber threats are at an all-time high because the digital world is rapidly changing. Every day, new vulnerabilities are found in security systems. Attacks threaten businesses of all sizes by stealing data, disrupting operations, and damaging reputations. It has become clear that Vulnerability Management as a Service (VMaaS) is an effective managed approach for companies to protect their digital assets without managing security systems themselves.

This week, we announced the general availability of Evo AI-SPM, the first operational layer of Snyk’s AI Security Fabric. AI-SPM gives security teams something they’ve never had before: a system of record for AI risk, with the ability to discover models, frameworks, datasets, and agent infrastructure embedded directly in code. For many organizations, that discovery step is a breakthrough.

A supply chain compromise that impacted the Python package LiteLLM, with malicious versions 1.82.7 and 1.82.8 was published to PyPI on March 24, 2026. Bitsight Threat Intelligence, public reporting and vendor disclosures indicate the malicious releases included credential harvesting, Kubernetes-focused lateral movement, and persistence mechanisms, creating serious risk for cloud-native and AI-related environments that installed or ran the affected versions.

The fastest way to reduce risk at enterprise scale is to standardize on a vulnerability and exposure management platform that unifies asset visibility, prioritizes what matters, and automates workflow to remediate. In this article, we’ll break down the nine essential requirements security leaders should insist on when evaluating an enterprise vulnerability management system, whether it’s an existing tool in their tech stack or a potential new capability.

The cybersecurity industry is currently defined by “WTF” moments of panic, from overwhelming vulnerability backlogs to sophisticated AI-driven attacks that bypass traditional defenses. To combat this, organizations must shift their narrative away from reactive frustration and toward the most critical part of exposure management: The Fix. By redefining WTF, security teams can move beyond context-less alerts and manual spreadsheets.

The number of publicly reported unique vulnerabilities has risen year after year. There was a brief decrease and stabilization in 2015 - 2016, but those are the only years in the over two decades (1999 - on) I have been following vulnerability metrics. Other than that, it has been up, up, up.

Cato researchers have discovered a new indirect prompt injection exploit pattern workflow in BrowserOS (an open-source agentic AI browser). We named it “WebPromptTrap” because the prompt originates from untrusted web content and it traps users into approving an authorization step through a trusted-looking AI summary.