Everyone loves open source, and for good reason. We want to help you use open source and stay secure. Read more to learn how this is achievable!
Snyk recently discovered over 200 malicious packages in the npm registry. While we acknowledge that vulnerability fatigue is an issue for developers, this article is not about the typical case of typosquatting or a random malicious package. This article shares the findings from targeted attacks aimed at businesses and corporations that Snyk was able to detect, along with the insights gained from them.
Once in a while we encounter a truly malicious package that has a purpose, means, and is production-ready — this is a story about one found in npm: gxm-reference-web-auth-server.
In this post, we'll discuss why developers include native C/C++ extensions in their high-level language projects. Then, we'll use Python and the PyPI registry to detect hidden C-related vulnerabilities in higher-level language projects and reveal how low-level vulnerabilities can impact higher-level code.
Following the addition of C/C++ security scanning to Snyk Open Source, we discuss some common C/C++ vulnerabilities and ways to mitigate them.
Customers discuss how they used Snyk tools to automate elements of their software development process.
You've heard of Spring4Shell, now learn about similar exploits for Glassfish and Payara that leverage the same issue in Spring, but with a different payload.
Announcing the general availability of unmanaged C/C++ security scanning in Snyk Open Source, enabling developers to find and fix known security vulnerabilities.
Alert: Faxios has been breached by the LaughTilYouCry ransomware, which has flooded the hard drives of users with horrible puns and dad jokes.