Blog Archive

Showing 1 - 24 of 213 posts

AI

280+ Leaky Skills: How OpenClaw & ClawHub Are Exposing API Keys and PII

February 5, 2026

AI

Snyk Finds Prompt Injection in 36%, 1467 Malicious Payloads in a ToxicSkills Study of Agent Skills Supply Chain Compromise

February 5, 2026

AI

ServiceNow's Virtual Agent Vulnerability Shows Why AI Security Needs Traditional AppSec Foundations

January 14, 2026

AI

Beyond Detection: Building a Resilient Software Supply Chain (Lessons from the Shai-Hulud Post-Mortem)

January 8, 2026

Application Security

The Holiday Whisper: Shai-Hulud 3.0

December 29, 2025

Vulnerability Insights

Security Advisory: Critical RCE Vulnerabilities in React Server Components (CVE-2025-55182)

December 3, 2025

Supply Chain Security

SHA1-Hulud, npm supply chain incident

November 24, 2025

AI

Malicious MCP Server on npm postmark-mcp Harvests Emails

September 25, 2025

AI

When “Private” Isn't: The Security Risk of GPT Chats Leaking to Search Engines

August 1, 2025

Application Security

Maintainers of ESLint Prettier Plugin Attacked via npm Supply Chain Malware

July 22, 2025

Vulnerability Insights

Snyk’s Statement on the MITRE CVEs Program Funding Update

April 16, 2025

Vulnerability Insights

CVE-2025-29927 Authorization Bypass in Next.js Middleware

March 23, 2025

Vulnerability Insights

Reconstructing the TJ Actions Changed Files GitHub Actions Compromise

March 17, 2025

Open Source Security

Best practices for continuous vulnerability management

October 29, 2024

Application Security

Want to avoid a data breach? Employ secrets detection

September 16, 2024

Engineering

Exploiting HTTP/2 CONTINUATION frames for DoS attacks

April 8, 2024

Application Security

The XZ backdoor CVE-2024-3094

March 31, 2024

Application Security

Vulnerability vs Weakness: Understanding Key Differences in AppSec

November 17, 2023

Vulnerability Insights

Weak Hash vulnerability discovered in crypto-js and crypto-es (CVE-2023-46233 & CVE-2023-46133)

October 25, 2023

Vulnerability Insights

Find and fix HTTP/2 rapid reset zero-day vulnerability CVE-2023-44487

October 11, 2023

Code Security

How to update cURL

October 11, 2023

Vulnerability Insights

How to find and fix Critical WebP zero-day vulnerability CVE-2023-4863

October 5, 2023

Vulnerability Insights

High severity vulnerability found in libcurl and curl (CVE-2023-38545)

October 4, 2023

Supply Chain Security

Critical WebP 0-day security CVE-2023-4863 impacts wider software ecosystem

September 28, 2023
