Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Code scanning is the process of automatically analyzing source code to identify potential security vulnerabilities, bugs, and other code quality issues. It’s a crucial part of secure application development, helping teams detect and fix problems early in the software development lifecycle. Code scanning tools mainly use static analysis methods (examining code without running it), in contrast to dynamic analysis tools which analyze applications while they are running.

XWorm malware reemerges with ransomware, Microsoft disrupts multiple threats targeting Teams, and Storm-1175 exploits a critical GoAnywhere MFT vulnerability.

Today, Snyk is excited to announce a new partnership with Cognition that significantly advances security within the software development lifecycle, validating our "Secure at Inception" model. This collaboration introduces new integrations, Snyk for Devin and Snyk for Windsurf, which directly embed Snyk Studio's security intelligence into Cognition's AI-native developer tools.

Snyk has been named a Leader in the Gartner® Magic Quadrant™ for Application (AST) in 2025. Access your complimentary copy of the report to see how vendors compare in the AST market.

CISA Emergency Directive 25‑03 mandates that federal civilian executive branch (FCEB) agencies immediately identify and mitigate vulnerabilities in Cisco ASA and Firepower devices. The vulnerabilities, which affect SSL VPN components, can be exploited by attackers to gain unauthorized access and pivot across networks. CISA’s actions are based on observed exploit activity in the wild and the critical role these devices play in public sector infrastructure.

We’re thrilled to announce that Snyk has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Application Security Testing (AST)! This recognition, based on our vision and ability to execute, validates our core mission: to empower developers to build securely from the start while giving security teams complete visibility and comprehensive controls.

TL;DR: Aikido now integrates with Secureframe. Vulnerability data syncs automatically so SOC 2 Type 2 and ISO 27001:2022 evidence stays accurate. 16 tests and 5 controls handled for you. Secureframe makes it easier to run SOC 2, ISO 27001, HIPAA and PCI DSS programs. But compliance tools only work if the data inside them is accurate. Too often, teams end up exporting CSVs, uploading reports, or sharing screenshots that are already outdated by the time an auditor looks at them.

On October 11, 2025, Oracle released an emergency fix for a high-severity information disclosure vulnerability in Oracle E-Business Suite (EBS), tracked as CVE-2025-61884. The flaw exists in the Runtime UI component of Oracle Configurator and allows remote unauthenticated threat actors to access sensitive resources. Oracle has not confirmed a link between this vulnerability and the extortion emails received by some Oracle EBS customers from the Cl0p ransomware group in recent weeks.

When we analyzed Ireland's critical national infrastructure (CNI) through an intelligence lens, the findings were sobering. Of 222 CNI organizations examined, 98—nearly 44%—have exposed known vulnerabilities. We then analyzed whether these open doors were being actively exploited by threat actors. Ireland is home to 15,776 attack origins, and 85% of them are the very same IPs and networks in CNI organizations with those exposed known vulnerabilities.