Brian Moussalli
JFrog Malware Research Team Leader

Brian is a Malware Research Team Leader at JFrog Security, specializing in supply chain attacks and malicious packages, vulnerability analysis, threat intelligence research and automated threat detection. In addition to his current role, he has over 13 years of experience in cyber security, security research, reverse engineering and malware analysis.
The Latest From Brian Moussalli
- Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk (18 min read)
  JFrog's security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment. This blog details a PyPI supply chain attack technique the JFrog research team discovered had been recently exploited in the wild. This attack technique…

- Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine (8 min read)
  The JFrog Security Research team has recently discovered and reported an access token with administrator access to Python's, PyPI's and the Python Software Foundation's GitHub repositories, which was leaked in a public Docker container image hosted on Docker Hub. As a community service, the JFrog Security Research team continuously scans public repositories such as Docker Hub,…

- JFrog Security research discovers coordinated attacks on Docker Hub that planted millions of malicious repositories (19 min read)
  As key parts of the software ecosystem, and as partners, JFrog and Docker are working together to strengthen the software ecosystem. Part of this effort by JFrog's security research team involves continuous monitoring of open-source software registries in order to proactively identify and address potential malware and vulnerability threats. In former publications, we have discussed…

- CVE-2024-3094 XZ Backdoor: All you need to know (14 min read)
  Update April 1st: updated "What is the malicious payload of CVE-2024-3094?" due to newly released OSS tools. Update April 7th: updated the same section due to more published payload research. On March 29th, it was reported that malicious code enabling unauthorized remote SSH access has been detected within…

- New .NET Malware "WhiteSnake" Targets Python Developers, Uses Tor for C&C Communication (17 min read)
  The JFrog Security Research team recently discovered a new malware payload in the PyPI repository, written in C#. This is uncommon since PyPI is primarily a repository for Python packages, and its codebase consists mostly of Python code, or natively compiled libraries used by Python programs. This finding raised our concerns about the potential for…

- Attackers are starting to target .NET developers with malicious-code NuGet packages (12 min read)
  Update 2023-03-21: we've talked with members of the NuGet team, and they had already detected and removed the malicious packages in question. Malicious packages are most often spread through the open-source NPM and PyPI package repositories, with few other repositories affected. Specifically, there was no public evidence of severe malicious activity in the…

- CVE-2022-30522 – Denial of Service (DoS) Vulnerability in Apache httpd "mod_sed" filter (8 min read)
  This past March we posted an analysis of a vulnerability in the Apache HTTP Server mod_sed filter module, CVE-2022-23943, in which a Denial of Service (DoS) can be triggered due to a miscalculation of buffer sizes. While analyzing this Apache httpd vulnerability and its patch, we suspected that although the fix resolved the issue, it…

- Diving into CVE-2022-23943 – a new Apache memory corruption vulnerability (7 min read)
  A few days ago it was reported that the new Apache version 2.4.53 contains fixes for several bugs which exposed users of the well-known HTTP server to attacks: CVE-2022-22719 relates to a bug in the mod_lua module which may lead to Denial of Service after reading from a random memory area, CVE-2022-22720 exposes…