Articles
Stay informed on security insights and best practices from Snyk’s leading experts.
Stay informed on security insights and best practices from Snyk’s leading experts.
Showing 81 - 100 of 209 articles
Remote Code Execution with Spring Boot 3.4.0 Properties
this article introduces two methods for leveraging Logback configuration to achieve Remote Code Execution (RCE) in Spring Boot applications. These techniques are effective on the latest version of Spring Boot, with the second approach requiring no additional dependencies.
Don’t Get Too Comfortable: Hacking ComfyUI Through Custom Nodes
This research focuses on ComfyUI, a popular stable diffusion platform with over 1,300 custom node extensions available. Through real-world examples, we demonstrate how even seemingly minor vulnerabilities in custom nodes can lead to full server compromise and explore practical strategies for securing applications that rely on third-party plugin ecosystems to minimize these risks.
Tensor Steganography and AI Cybersecurity
Tensor steganography exploits two key characteristics of deep learning models: the massive number of parameters (weights) in neural networks and the inherent imprecision of floating-point numbers. Learn about this novel technique that combines traditional steganography principles with deep-learning model structures.
Malware in LLM Python Package Supply Chains
The gptplus and claudeai-eng supply chain attack represents a sophisticated malware campaign that remained active and undetected on PyPI for an extended period. These malicious packages posed as legitimate tools for interacting with popular AI language models (ChatGPT and Claude) while secretly executing data exfiltration and system compromise operations.
Path Traversal Vulnerability in Deep Java Library (DJL) and Its Impact on Java AI Development
A newly discovered path traversal vulnerability (CVE-2025-0851) in Deep Java Library (DJL) could allow attackers to manipulate file paths, exposing Java AI applications to security risks. Learn how this flaw impacts DJL users and how updating to version 0.31.1 mitigates the threat.
Security Risks with Python Package Naming Convention: Typosquatting and Beyond
Beware of typosquatting and misleading Python package names—one small mistake in pip install can expose your system to backdoors, trojans, and malicious code. Learn how attackers exploit package naming conventions and discover best practices to secure your open-source supply chain.
Can Machine Learning Find Path Traversal Vulnerabilities in Go? Snyk Code Can!
Explore how Snyk’s machine learning-powered security tools tackle path traversal vulnerabilities in Golang code. Learn how to secure your Go applications and challenge yourself to detect and exploit vulnerabilities like a pro!
Getting Started with Capture the Flag
If you're new to CTFs or looking to sharpen your skills, understanding how they work is key to success. This article breaks down the importance of CTFs in cybersecurity—how they help you develop critical security skills, understand real-world vulnerabilities, and improve your ability to defend systems effectively.