Johnathan-Sar-Shalom

Jonathan Sar Shalom

JFrog Director of Threat Research

Jonathan is the Director of Threat Research at JFrog Security. Jonathan’s background includes more than 13 years in cyber security, with experience in security research, reverse engineering, and malware analysis. He currently leads the Threat Research team in JFrog Security, specializing in vulnerabilities analysis, threat intelligence research, and automated threats detection.

The Latest From Jonathan Sar Shalom

  • CVE-2024-3094 XZ Backdoor: All you need to know

    | 14 min read

    Update April 1st - Updated "What is the malicious payload of CVE-2024-3094?" due to newly released OSS tools Update April 7th - Updated "What is the malicious payload of CVE-2024-3094?" due to more published payload research   On March 29th, it was reported that malicious code enabling unauthorized remote SSH access has been detected within…

    Read More  
  • Detecting Malicious Packages and How They Obfuscate Their Malicious Code

    | 14 min read

    Wow! We made it to the last post in our Malicious Packages series. While parting is such sweet sorrow, we hope blogs one, two, and three provide insights into the havoc malicious packages cause throughout your DevOps and DevSecOps pipelines.  In the prior posts: We explained what software supply chain attacks are and learned the…

    Read More  
  • Turns out 78% of reported common CVEs on top DockerHub images are not really exploitable

    | 15 min read

    Research motivations Similarly to our previous research on “Secrets Detection,” during the development and testing of JFrog Xray’s new “Contextual Analysis” feature, we wanted to test our detection in a large-scale real-world use case, both for eliminating bugs and testing the real-world viability of our current solution. However, unlike the surprising results we got in our…

    Read More  
  • Common Payloads Attackers Plant in Malicious Software Packages

    | 9 min read

    In this third post in our series on Malicious Software Packages, we’ll focus on the aftermath of a successful attack and how the attacker executes payloads to serve their needs through various real-life scenarios. Before we start, let’s review a few highlights from the second post you might've missed: There are common types of infection methods…

    Read More  
  • Five Examples of Infection Methods Attackers Use to Spread Malicious Packages

    | 13 min read

    Welcome to the second post in our series on Malicious Software Packages. This post focuses on the infection methods attackers use to spread malicious packages, and how the JFrog Security research team unveiled them. If you missed the first blog, here are some key takeaways: Third-party software packages contain vulnerabilities or malicious code delivered through…

    Read More  
  • Malicious Packages Are a Rising Threat in Software Supply Chain Attacks

    | 7 min read

    Welcome to the first post in the malicious software packages series for the DevOps and DevSecOps community. This technical series will focus on various malicious packages and their effects on the software supply chain. We’ll dive deeper into malicious packages in each post, including  Defining software supply chain attacks and learning the critical role that malicious…

    Read More  
  • The Impact of CVE-2022-0185 Linux Kernel Vulnerability on Popular Kubernetes Engines

    | 7 min read

    Last week, a critical vulnerability identified as CVE-2022-0185 was disclosed, affecting Linux kernel versions 5.1 to 5.16.1. The security vulnerability is an integer underflow in the Filesystem Context module that allows a local attacker to run arbitrary code in the context of the kernel, thus leading to privilege escalation, container environment escape, or denial of…

    Read More