Welcome to the JFrog Blog

Latest:

Get to Know JFrog ML

March 4, 2025 William Manning, Senior Solution Architect, JFrog ML Sean Pratt, Senior Manager, Product Marketing, JFrog

6 min read

AI/ML development is getting a lot of attention as organizations rush to bring AI services into their business applications. While emerging MLOps practices are designed to make developing AI applications easier, the complexity and fragmentation of available MLOps tools often complicates the work of Data Scientists and ML Engineers, and lessens trust in what’s being…

Read More

All Blogs

FINMA Compliance: DevSecOps Strategies for Securing the Swiss Financial Ecosystem

FINMA Compliance: DevSecOps Strategies for Securing the Swiss Financial Ecosystem

February 24, 2025 Danny Parizada, JFrog Senior Solution Engineer | 6 min read

The Swiss Financial Market Supervisory Authority (FINMA) sets strict requirements to ensure that financial institutions operating in Switzerland maintain robust security and operational resilience. FINMA’s guidelines are crucial for protecting sensitive financial data, minimizing risks, and maintaining trust in the Swiss financial ecosystem. As part of that, software supply chain security plays an essential role…
Read More
JFrog Simplifies Compliance with India’s new CERT SBOM Guidelines

JFrog Simplifies Compliance with India’s new CERT SBOM Guidelines

February 12, 2025 Yashaswi Mudumbai, JFrog Senior Director of Solution Engineering Harel Avissar, JFrog Director of Product | 8 min read

Overview The Indian Computer Emergency Response Team (CERT-In) is the national agency responsible for addressing cybersecurity incidents in India. Established in 2004 and operating under the Ministry of Electronics and Information Technology (MeitY), CERT-In is dedicated to enhancing the security of India's digital infrastructure. The organization plays a vital role in preventing, detecting, and responding…
Read More
Everything You Need to Know About Evil Proxy Attacks and MFA Bypass

Everything You Need to Know About Evil Proxy Attacks and MFA Bypass

November 26, 2024 Yarin Zaddik, JFrog IR SecOps Engineer Orel Bitan, JFrog IR & SecOps Group Leader | 9 min read

Attackers use a malicious proxy server to intercept, monitor, and manipulate communication between a client and a legitimate server, often to steal credentials, session tokens, or other sensitive information. Some services provide "Phishing-as-a-Service" (PhaaS), offering attackers ready-made tools and infrastructure to conduct phishing campaigns. These services simplify the process of deceiving individuals into providing sensitive…
Read More
JFrog Achieves ISO/IEC 27001:2022

JFrog Achieves ISO/IEC 27001:2022

February 10, 2025 Tamar Ashtar, JFrog GRC Specialist | 3 min read

As part of JFrog's mission to continuously develop and uphold the highest industry standards in cyber security, we are excited to announce that we have successfully upgraded our ISO certification to the latest version, ISO/IEC 27001:2022. This achievement reinforces our dedication to protecting your data with the high standards of cyber and information security. Understanding…
Read More
NIS2 Compliance in 2025: Compliance Doesn’t Have to Mean Complexity

NIS2 Compliance in 2025: Compliance Doesn’t Have to Mean Complexity

February 6, 2025 Danny Parizada, JFrog Senior Solution Engineer | 5 min read

The Network and Information Systems Directive 2 (NIS2) is the European Union’s effort to fortify cybersecurity across critical industries and services. Building on the original NIS Directive, NIS2 has broadened its scope, introduced stricter requirements, and placed greater emphasis on supply chain security. Now that the October 2024 transposition deadline has passed, organizations must focus…
Read More
Top JFrog Security Research Discoveries of 2024

Top JFrog Security Research Discoveries of 2024

January 30, 2025 Ofri Ouzan, JFrog Security Research Batel Zohar, JFrog Developer Advocate | 7 min read

In our previous round-up of security research for 2023,  we mentioned our surprise at the large volume of 29,000 vulnerabilities that were reported two years ago.  But that didn’t prepare us for the astounding 40% increase, reported by Cyber Press, resulting in over 40,000 CVEs that were published over the past year in 2024. That…
Read More
CVE-2024-6197 Curl and Libcurl: Use-after-Free on the Stack

CVE-2024-6197 Curl and Libcurl: Use-after-Free on the Stack

December 18, 2024 Ben Gross, Security Researcher Yair Mizrahi, JFrog Security Research Team Leader | 12 min read

On July 24th 2024, Curl maintainers announced a new stack buffer Use After Free (UAF) vulnerability - CVE-2024-6197. This type of vulnerability is very uncommon since UAF issues usually occur on the heap and not on the stack. While the vulnerability can be easily exploited for causing denial of service, in this blog we will…
Read More
Machine Learning Bug Bonanza – Exploiting ML Clients and “Safe” Model Formats

Machine Learning Bug Bonanza – Exploiting ML Clients and “Safe” Model Formats

December 4, 2024 Shachar Menashe, JFrog VP Security Research Or Peles, JFrog Vulnerability Research Team Leader Ori Hollander, JFrog Security Researcher Uriya Yavnieli, JFrog Security Researcher | 15 min read

In our previous blog post in this series we showed how the immaturity of the Machine Learning (ML) field allowed our team to discover and disclose 22 unique software vulnerabilities in ML-related projects, and we analyzed some of these vulnerabilities that allowed attackers to exploit various ML services. In this post, we will again dive…
Read More
CVE-2024-10524 Wget Zero Day Vulnerability

CVE-2024-10524 Wget Zero Day Vulnerability

November 18, 2024 Goni Golan, Junior Security Researcher, JFrog Security | 8 min read

While researching CVE-2024-38428 in GNU’s Wget, our team found a new 0-day vulnerability. The vulnerability, later assigned CVE-2024-10524, may lead to various types of attacks - including phishing, SSRF, and MiTM. These attacks can have severe consequences such as resource restriction bypass and sensitive information exposure. Upon discovering this vulnerability, our team responsibly disclosed it…
Read More
Machine Learning Bug Bonanza – Exploiting ML Services

Machine Learning Bug Bonanza – Exploiting ML Services

November 4, 2024 Shachar Menashe, JFrog VP Security Research Or Peles, JFrog Vulnerability Research Team Leader Natan Nehorai, JFrog Application Security Researcher Ori Hollander, JFrog Security Researcher Uriya Yavnieli, JFrog Security Researcher | 18 min read

JFrog’s security research team continuously monitors open-source software registries, proactively identifying and addressing potential malware and vulnerability threats to foster a secure and reliable ecosystem for open-source software development and deployment. In our previous research on MLOps we noted the immaturity of the Machine Learning (ML) field often results in a higher amount of discovered…
Read More

Popular Tags