Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On July 19, 2025, Microsoft disclosed active exploitation of a zero-day vulnerability (CVE-2025-53770) affecting on-premises SharePoint Server instances. Originally, no patch was available for this vulnerability, but fixes were released late on the evening of July 20. CVE-2025-53770 is caused by the deserialization of untrusted data, allowing unauthenticated threat actors to execute code remotely over the network.

Discover key insights from GitGuardian SecDays 2025 on the Non-Human Identity (NHI) crisis. Learn how to tackle secrets sprawl, go secretless, and secure machine identities.

SSO stands for "single sign-on" for apps in one identity domain; however, federated SSO signs in across multiple domains using SAML or OIDC. This blog evaluates federated SSO vs. SSO in depth.

An authenticator app is a mobile utility that makes time-based one-time passcodes (TOTP) from a shared secret. This adds a layer of protection to password logins; no need for the internet.

We're excited to share significant improvements to SecurePortal! Digital proposals have transformed from static PDFs into interactive Live Documents, enabling you to view and engage with proposals directly within your browser, no downloads needed. Once accepted, proposals instantly generate automated assessments complete with tailored questionnaires, streamlining your workflow and improving efficiency.

Generative AI and Agentic AI are changing everything from who writes software to how we define secure architecture. At Snyk’s recent Lighthouse event in NYC, leaders from cloud, security, and development teams came together to answer one essential question: how do we move fast with AI without breaking trust? The answer? Start with visibility, bake in security by design, and never lose sight of the humans behind the code.

Cursor IDE, as many are aware, is a fork of the open source and popular VS Code IDE project from Microsoft. Similarly to VS Code, Cursor has support for IDE extensions, which prompts many developers to migrate over with their favorite extensions and long-lived workflows, shortcuts, themes, and other configurations. Back in May 2021, Snyk’s Security Labs conducted research that uncovered VS Code extensions vulnerable to insecure code patterns.

At Snyk, we believe that AI innovation starts with trust, which must be earned through clear governance, sound security practices, and proven value delivery. As we scale our AI initiatives across the business, we’re continually refining how to implement AI in a way that is not just fast and functional, but also secure and responsible.

A newly disclosed zero-day vulnerability in Microsoft SharePoint Server — CVE-2025-53770 — is currently being exploited in the wild and poses a critical threat to organizations running on-premises SharePoint instances.

Windows Server 2025 introduced delegated managed service accounts (dMSAs) to improve security by linking service authentication to device identities. But attackers have already found a way to twist this new feature into a dangerous privilege escalation technique. The BadSuccessor attack lets adversaries impersonate any user — even domain admins — without triggering traditional alerts. Here’s how it works, why it’s so stealthy, and what you can do to stay ahead of it.