Welcome to the JFrog Blog

Latest from Xray :

Elevate and Streamline Your Developer Experience with JFrog-Coder Fusion

April 10, 2024 Yonatan Arbel, Developer Advocate

5 min read

It’s a scenario many developers know all too well: a configuration works flawlessly for one team member but doesn’t work for you. Starting a new job brings with it the excitement of fresh challenges and opportunities. However, it also entails the often painful task of setting up your development environment—a process that can be both…

Read More
*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 1 of 2

*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 1 of 2

January 17, 2024 adia | 14 min read

The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library - CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11’s latest versions contain fixes for these vulnerabilities. The team constantly monitors open-source projects to find…
Read More
Top JFrog Security Research Blogs of the Year

Top JFrog Security Research Blogs of the Year

January 12, 2024 drewt | 9 min read

With over 29,000 CVEs and 5.5 billion malware attacks recorded in the past year, it's no wonder that software supply chain security is a top priority for enterprise developers on a global scale. That is also why JFrog Security Research has been instrumental in identifying and analyzing the biggest threats and devising methods to protect…
Read More
What is JFrog Security?

What is JFrog Security?

January 8, 2024 zoer | 8 min read

The security of the software supply chain is rapidly becoming a paramount concern for organizations — and for good reason. With the increasing number of published Common Vulnerabilities and Exposures (CVEs), developers face the challenge of delivering software faster than ever before. However, in their quest for speed, many dev and security teams have resorted…
Read More
SSH protocol flaw – Terrapin Attack CVE-2023-48795: All you need to know

SSH protocol flaw – Terrapin Attack CVE-2023-48795: All you need to know

December 25, 2023 adia | 13 min read

The SSH Terrapin attack (CVE-2023-48795) has recently caught attention, targeting the SSH protocol security by truncating cryptographic information. The inherent flaw in the SSH protocol itself affects a wide range of SSH client and server implementations. Following our initial research communication, this post will detail its fundamentals and impact. Affected Implementations Terrapin Attack Exploitation Impacts…
Read More
N-Day Hijack: Analyzing the lifespan of package hijacking attacks

N-Day Hijack: Analyzing the lifespan of package hijacking attacks

December 14, 2023 zoer | 8 min read

Software package hijacking has become a prominent concern for individuals, businesses, and the cybersecurity community at large. We’ve seen this new threat trend rise over the past couple of years, with the potential to severely impact the software supply chain by attackers exploiting software packages to execute malicious code. This blog post details a case…
Read More
How to Combine Speed and Trust in Enterprise Software Development

How to Combine Speed and Trust in Enterprise Software Development

November 23, 2023 drewt | 4 min read

Software development begins with code, which is then integrated, compiled, tested, and in the end distributed to users. This is often the secret sauce of innovation that organizations must protect to keep their competitive edge. With the software application development market growing at almost 30% per year and the average project taking just 4-6 months…
Read More
Unlock 2024 at DevSecOps EMEA this November in London

Unlock 2024 at DevSecOps EMEA this November in London

November 2, 2023 adia | 5 min read

It’s November already, and while some may think it’s a perfect time to start winding down the year, here at JFrog we’re getting warmed up to bring Europe - and more specifically the U.K. - all sorts of DevSecOps excitement this winter! It’s no secret that Europe as a whole has been a pioneer in…
Read More
International Cyber Security Month Tips

International Cyber Security Month Tips

October 31, 2023 adia | 3 min read

Securing your software supply chain is crucial for ensuring the integrity and security of the software you develop and deliver. Here are the top 8 security best practices for a secure software supply chain. Tip # 1: Security Awareness Training Security awareness starts at the core of your organization. Educate your development and operations teams…
Read More
Arbitrary File Creation vulnerability in plexus-archiver – CVE-2023-37460

Arbitrary File Creation vulnerability in plexus-archiver – CVE-2023-37460

October 24, 2023 adia | 7 min read

The JFrog Security research team constantly monitors open-source projects to find new vulnerabilities or malicious packages and share them with the wider community to help improve their overall security posture. As part of this effort, the team recently discovered a new security vulnerability in plexus-archiver, an archive creation and extraction package. plexus-archiver is used in…
Read More

Popular Tags