Blog Archiv

After three years of silence, a new jQuery prototype pollution vulnerability emerges once again

15. April 2019

Enriched content on Snyk’s publicly available vulnerability database

8. April 2019

Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem

4. April 2019

Snyking in - regular expression denial of service vulnerability exploit in the ms package

13. März 2019

Top ten Docker images contain over 8000 vulnerable paths

7. März 2019

Snyking in - Directory traversal vulnerability exploit in the st package

25. Februar 2019

A serious security flaw in runC can result in root privilege escalation in Docker and Kubernetes

13. Februar 2019

NumPy arbitrary code execution vulnerability

5. Februar 2019

Severe security vulnerability in Bower’s zip archive extraction

31. Januar 2019

Critical Arbitrary Code Execution Vulnerability Found in Kubernetes

20. Dezember 2018

Report Shows the Equifax Breach was "Entirely Preventable"

18. Dezember 2018

A post-mortem of the malicious event-stream backdoor

6. Dezember 2018

Malicious code found in npm package event-stream downloaded 8 million times in the past 2.5 months

27. November 2018

Behind the disclosure: the Zip Slip vulnerability

15. August 2018

How to crash an email server with a single email

1. August 2018

Zip Slip Vulnerability Cheat Sheet

28. Juni 2018

Public Disclosure of a Critical Arbitrary File Overwrite Vulnerability: Zip Slip

5. Juni 2018

Attacking an FTP Client: MGETting more than you bargained for

4. April 2018

What’s a known vulnerability?

6. Februar 2018

Where do security patches come from?

25. Januar 2018

npm Shrinkwrap reloaded: Locking npm Deps with Package-Lock and Yarn.Lock

10. Januar 2018