Articles
Stay informed on security insights and best practices from Snyk’s leading experts.
Don’t Get Too Comfortable: Hacking ComfyUI Through Custom Nodes
This research focuses on ComfyUI, a popular Stable Diffusion platform with over 1,300 custom node extensions available. Through real-world examples, we demonstrate how even seemingly minor vulnerabilities in custom nodes can lead to full server compromise and explore practical strategies for securing applications that rely on third-party plugin ecosystems to minimize these risks.
Tensor Steganography and AI Cybersecurity
Tensor steganography exploits two key characteristics of deep learning models: the massive number of parameters (weights) in neural networks and the inherent imprecision of floating-point numbers. Learn about this novel technique that combines traditional steganography principles with deep-learning model structures.
Malware in LLM Python Package Supply Chains
The gptplus and claudeai-eng supply chain attack represents a sophisticated malware campaign that remained active and undetected on PyPI for an extended period. These malicious packages posed as legitimate tools for interacting with popular AI language models (ChatGPT and Claude) while secretly executing data exfiltration and system compromise operations.
Path Traversal Vulnerability in Deep Java Library (DJL) and Its Impact on Java AI Development
A newly discovered path traversal vulnerability (CVE-2025-0851) in Deep Java Library (DJL) could allow attackers to manipulate file paths, exposing Java AI applications to security risks. Learn how this flaw impacts DJL users and how updating to version 0.31.1 mitigates the threat.
Security Risks with Python Package Naming Convention: Typosquatting and Beyond
Beware of typosquatting and misleading Python package names—one small mistake in pip install can expose your system to backdoors, trojans, and malicious code. Learn how attackers exploit package naming conventions and discover best practices to secure your open-source supply chain.
Can Machine Learning Find Path Traversal Vulnerabilities in Go? Snyk Code Can!
Explore how Snyk’s machine learning-powered security tools tackle path traversal vulnerabilities in Golang code. Learn how to secure your Go applications and challenge yourself to detect and exploit vulnerabilities like a pro!
Getting Started with Capture the Flag
If you're new to CTFs or looking to sharpen your skills, understanding how they work is key to success. This article breaks down the importance of CTFs in cybersecurity—how they help you develop critical security skills, understand real-world vulnerabilities, and improve your ability to defend systems effectively.
Cloud Security Architecture - Secure by Design
The leading cloud platforms like Amazon Web Services (AWS), Google Cloud (GCP), and Microsoft Azure have thousands of security professionals working to secure their public cloud infrastructure around the clock, but they are not solely responsible for securing cloud deployments.