Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We’re thrilled to announce that Snyk has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Application Security Testing (AST)! This recognition, based on our vision and ability to execute, validates our core mission: to empower developers to build securely from the start while giving security teams complete visibility and comprehensive controls.

In October 2025, researchers uncovered a phishing operation that weaponizes the npm ecosystem, but this time not to infect developers at install time, but rather to host and deliver phishing scripts via the trusted unpkg.com CDN.

On September 25, 2025, the npm package postmark-mcp, an MCP (Model Context Protocol) server intended to let AI assistants send emails via Postmark, was reportedly modified to secretly exfiltrate email contents by adding a blind-copy (BCC) to an external domain. Current analysis suggests the behavior began around 1.0.16 and persisted in later versions.

As businesses strive to secure sensitive cardholder data and stay compliant with Payment Card Industry Data Security Standard (PCI DSS) v4.0.1, one of the most overlooked areas is developer training. The latest version of the PCI DSS places clear emphasis on ensuring developers are not only residually aware of security best practices, but are actively trained to build secure software and detect vulnerabilities. This is where Snyk Learn comes in.

We’re thrilled to share that Snyk has, for the sixth time and fifth consecutive year, been named to the Forbes Cloud 100 ranked at, recognizing the world’s most innovative private cloud companies. This year’s recognition is especially meaningful, reflecting the bold step we took in May to launch the AI Trust Platform, reorienting Snyk around a single mission — securing the future of AI-native software development.

Company overview: Labelbox is the leading data factory for delivering high-quality, frontier data to top AI labs and enterprise AI teams.

As AI transforms software development, AppSec teams face new complexities. For instance, the lack of visibility into where AI is being used and the reality that AI-generated code is often highly vulnerable make it nearly impossible to prioritize remediation and effectively scale security programs. To succeed, AppSec teams have to evolve from task managers to strategic governance enforcers.

Security issues in software development often stem not from developers’ lack of concern but from a fundamental disconnect between development and security teams. Each wants to do their job well, but their goals and expectations frequently conflict. This misalignment costs organizations in heightened security risks and tangible operational setbacks. Security issues identified too late in the cycle delay releases and increase project costs.

This is an ongoing incident and updates will be provided as more information is confirmed.

We’re excited to announce that Snyk has been recognized as a Leader in the Forrester Wave: Static Application Security Testing (SAST) Solutions, Q3 2025. This recognition affirms our place at the forefront of developer-first security — and highlights the innovation, customer impact, and platform breadth that continue to set us apart.