In recent developments, a sophisticated malware stealer strain crafted in the Go programming language has been discovered by AT&T Alien Labs, posing a severe threat to both Windows and macOS operating systems. As of the time of publishing of this article, traditional antivirus solutions have low or even non-existent detection rates, making it a stealthy and formidable adversary.

On December 13, 2023, threat actors began exploitation attempts against CVE-2023-50164, a critical-severity remote code execution (RCE) vulnerability impacting Apache Struts, an open-source framework used to create Java Web applications. Based on current intelligence, the threat actors are leveraging a publicly published proof of concept (PoC) exploit.

Applications frequently need to provide authentication credentials to gain access to cloud services and other resources. However, these credentials present a security risk because they are notoriously difficult to keep out of code. According to a GitGuardian report, 10 million credentials were publicly committed to GitHub in 2022. Leaked credentials such as these are a major cause of data breaches and account takeovers.

We’re proud that Snyk has been honored with inclusion on the inaugural Fortune Cyber 60 list as a top growth-stage company. The full list was unveiled late last week. In 2023, our industry encountered distinctive challenges, but the entire Snyk community demonstrated resilience and a steadfast commitment to our founding mission: empowering and equipping DevSecOps teams worldwide to build securely.

IT pros need local admin rights on corporate devices to install software, modify configuration settings, perform troubleshooting and so on. But all too often, business users are also routinely granted local admin rights on their computers.

Amidst the ongoing surge in cyber threats, CISOs are encountering increasing challenges in their responsibilities. During a recent CISO Panel Discussion on Application Security hosted by our CEO, Ashish Tandan, CISOs Kiran Belsekar from Aegon Life and Manoj Srivastava from Future Generali expressed concerns about managing security postures and shared actionable strategies to tackle evolving threats.

A software bill of materials (SBOM) is a detailed, comprehensive list of all the components within a software application, including the use of open-source software, component dependencies, licenses, and known vulnerabilities. SBOMs provide an inventory of each individual component that comprises the application, much like a list of ingredients in a recipe.