Ori Hollander
JFrog Security ResearcherOri is a Security Researcher at JFrog Security. Ori’s background includes more than 10 years in cyber security, with experience in reverse engineering and security research. Before joining Vdoo and JFrog, Ori spent five years in the tech unit of the Israeli Defense Force.
The Latest From Ori Hollander
-
Machine Learning Bug Bonanza – Exploiting ML Clients and “Safe” Model Formats
| 15 min readIn our previous blog post in this series we showed how the immaturity of the Machine Learning (ML) field allowed our team to discover and disclose 22 unique software vulnerabilities in ML-related projects, and we analyzed some of these vulnerabilities that allowed attackers to exploit various ML services. In this post, we will again dive…
Read More -
Machine Learning Bug Bonanza – Exploiting ML Services
| 18 min readJFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment. In our previous research on MLOps we noted the immaturity of the Machine Learning (ML) field often results in a higher amount of discovered…
Read More -
From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms
| 26 min readNOTE: This research was recently presented at Black Hat USA 2024, under the title “From MLOps to MLOops - Exposing the Attack Surface of Machine Learning Platforms”. The JFrog Security Research team recently dedicated its efforts to exploring the various attacks that could be mounted on open source machine learning (MLOps) platforms used inside organizational…
Read More -
Watch out for DoS when using Rust’s popular Hyper package
| 5 min readThe JFrog Security Research team is constantly looking for new and previously unknown vulnerabilities and security issues in popular open-source projects to help improve their security posture and defend the wider software supply chain. As part of this effort, we recently discovered and disclosed multiple vulnerabilities in popular Rust projects such as Axum, Salvo and…
Read More