Vulnerability InsightsNVD in the AI Era: The Case for Multi-Source Vulnerability IntelligenceJune 25, 2026
Supply Chain SecurityWhen a vendor's breach becomes yours: lessons from the Klue incidentJune 23, 2026
Open Source SecurityThe full Snyk AI Security Platform, free for open source maintainersJune 18, 2026
Supply Chain SecurityA Forgotten Contributor Account Compromised the Entire Mastra npm Package ScopeJune 16, 2026
Supply Chain SecurityNode-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gypJune 4, 2026
AIProtestware by open source maintainer to hinder agentic coding: The jqwik 1.10.0 Prompt InjectionJune 2, 2026
Supply Chain SecurityMiasma supply chain attack: malicious code found in @redhat-cloud-services npm packagesJune 1, 2026
Supply Chain SecurityMini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer AccountMay 18, 2026
Supply Chain SecurityMalicious node-ipc versions published to npm in suspected maintainer account compromiseMay 15, 2026
Supply Chain SecurityTanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain AttackMay 11, 2026
Supply Chain Securitylightning PyPI Compromise: A Bun-Based Credential Stealer in PythonApril 30, 2026
Supply Chain Security"A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm PackagesApril 29, 2026
Supply Chain SecurityMalicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data EngineersApril 27, 2026
AIJPMorgan Just Published a Cyber To-Do List and Snyk Covers 8 of the 10 Items. How do you stack up?April 23, 2026
Supply Chain SecurityAxios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RATMarch 30, 2026