Articles

How to avoid SSRF vulnerability in Go applications

In this article, learn how SSRF vulnerabilities manifest in Go applications, and how developers can implement effective security measures to protect their applications and data.

Remote Code Execution with Spring Boot 3.4.0 Properties

this article introduces two methods for leveraging Logback configuration to achieve Remote Code Execution (RCE) in Spring Boot applications. These techniques are effective on the latest version of Spring Boot, with the second approach requiring no additional dependencies.

Securing a Java Spring Boot API from broken JSONObject serialization CVE-2023-5072

This article explains how a critical vulnerability (CVE-2023-5072) in JSONObject library can lead to denial-of-service attacks on Spring Boot Java applications and provides steps to mitigate the risk.

Don’t Get Too Comfortable: Hacking ComfyUI Through Custom Nodes

This research focuses on ComfyUI, a popular stable diffusion platform with over 1,300 custom node extensions available. Through real-world examples, we demonstrate how even seemingly minor vulnerabilities in custom nodes can lead to full server compromise and explore practical strategies for securing applications that rely on third-party plugin ecosystems to minimize these risks.

How to Install Python on macOS

Learn how to install Python on macOS step by step. This easy guide covers downloading, installing, and setting up Python on your Mac for beginners and developers.

Golang SQL Injection By Example

Learn how to prevent SQL injection in Golang applications by using prepared statements and parameterized queries and leveraging tools like Snyk for vulnerability detection.

How to Write Secure Go Code

Learn how to write secure code in Go and protect your applications from vulnerabilities like SQL injection and SSRF. Discover best practices for Go development and how Snyk Code can help you identify and fix security issues effortlessly.

Tensor Steganography and AI Cybersecurity

Tensor steganography exploits two key characteristics of deep learning models: the massive number of parameters (weights) in neural networks and the inherent imprecision of floating-point numbers. Learn about this novel technique that combines traditional steganography principles with deep-learning model structures.

Malware in LLM Python Package Supply Chains

The gptplus and claudeai-eng supply chain attack represents a sophisticated malware campaign that remained active and undetected on PyPI for an extended period. These malicious packages posed as legitimate tools for interacting with popular AI language models (ChatGPT and Claude) while secretly executing data exfiltration and system compromise operations.

How to Secure Your GitHub Actions Workflows with Snyk to Enhance JavaScript Security

Snyk provides a pre-built custom Snyk GitHub Actions workflow that you can add to your CI and saves you the trouble of managing the vulnerability scans using the Snyk CLI directly.

Path Traversal Vulnerability in Deep Java Library (DJL) and Its Impact on Java AI Development

A newly discovered path traversal vulnerability (CVE-2025-0851) in Deep Java Library (DJL) could allow attackers to manipulate file paths, exposing Java AI applications to security risks. Learn how this flaw impacts DJL users and how updating to version 0.31.1 mitigates the threat.

Security Risks with Python Package Naming Convention: Typosquatting and Beyond

Beware of typosquatting and misleading Python package names—one small mistake in pip install can expose your system to backdoors, trojans, and malicious code. Learn how attackers exploit package naming conventions and discover best practices to secure your open-source supply chain.

Simple Doesn't Always Mean Secure: Avoid this Golang XSS Pattern

Cross-site scripting (XSS) attacks are a web vulnerability that allows attackers to inject malicious scripts into web pages. Learn how to prevent and fix XSS scripting in Golang.

Preventing Broken Access Control in Python Flask Applications

If you code your Python Flask applications for modern SaaS-like business applications, it is surely a vulnerability. Learn how to prevent broken access control in Python Flask Applications.

Is TypeScript All We Need for Application Security?

What are the security controls and fallacies in TypeScript security? Securing TypeScript applications involves a multi-layered approach.

Understanding Server-Side Template Injection in Golang

SSTI can open the door to escalating security risks such as file inclusion, Cross-Site Scripting (XSS), or even Code Injection Attacks.

Can Machine Learning Find Path Traversal Vulnerabilities in Go? Snyk Code Can!

Explore how Snyk’s machine learning-powered security tools tackle path traversal vulnerabilities in Golang code. Learn how to secure your Go applications and challenge yourself to detect and exploit vulnerabilities like a pro!

DevSecOps Overview

DevSecOps refers to the integration of security practices into a DevOps software delivery model. Its foundation is a culture where development and operations are enabled through process and tooling to take part in a shared responsibility for delivering secure software.

AI Data Security: Risks, Frameworks, and Best Practices

Learn about the top data security risks of AI, along with frameworks for understanding protection and best practices for choosing AI tools.

Getting Started with Capture the Flag

If you're new to CTFs or looking to sharpen your skills, understanding how they work is key to success. This article breaks down the importance of CTFs in cybersecurity—how they help you develop critical security skills, understand real-world vulnerabilities, and improve your ability to defend systems effectively.