Welcome to the JFrog Blog

swampUP 2025 Recap: The Quantum Shift in Software Delivery Requires a Unified Approach

And that’s a wrap! Held in beautiful Napa Valley, swampUP 2025, JFrog’s annual customer conference, brought together developers, operations, security, compliance, and AI/ML leaders, all facing the same burning challenges posed by the AI-driven quantum shift in software delivery. In the keynotes, breakout sessions, and side-conversations over wine and coffee, a common theme was…
Shai-Hulud npm supply chain attack – new compromised packages detected

Recently, the npm ecosystem has faced its third large-scale attack. Following the recent compromise of the nx packages and another wave targeting popular packages, packages on the registry have once again been hijacked. The first report came from Daniel Pereira, who identified a compromised package: @ctrl/tinycolor@4.1.1. By the end of the day, JFrog’s malware scanners had…
Chaotic Deputy: Critical vulnerabilities in Chaos Mesh lead to Kubernetes cluster takeover

JFrog Security Research recently discovered and disclosed multiple CVEs in the highly popular Chaos engineering platform Chaos Mesh. The discovered CVEs, which we’ve named Chaotic Deputy, are CVE-2025-59358, CVE-2025-59360, CVE-2025-59361 and CVE-2025-59359. The last three Chaotic Deputy CVEs are critical severity (CVSS 9.8) vulnerabilities which can be easily exploited by in-cluster attackers to run arbitrary…
New compromised packages identified in largest npm attack in history

Duckdb, coveops/abi and more new packages discovered as compromised in the ongoing phishing campaign

On September 8th, a malicious actor published trojanized versions of 18 widely-used npm packages after obtaining their maintainers’ tokens in a phishing attack, as reported by Aikido. Massively popular packages such as "debug", "chalk" and "ansi-styles" were compromised.…
The AI/ML Regulatory Landscape and How to Stay Ahead

The entire world of technology is abuzz about AI/ML. It’s arguably the most disruptive technology to society since the smartphone. In fact, Gartner estimates that the number of companies using open-source AI directly will increase tenfold by 2027. While this rapid advance is fueling quantum leaps in innovation, it also ignites increasing scrutiny from regulatory…
JFrog swampUP 2025: News and Updates Live From the Show Floor

Live updates from this event have concluded. JFrog’s annual user conference, swampUP 2025, is the ultimate gathering of the brightest minds in DevOps, DevSecOps, and MLOps where they exchange ideas, insights and practical strategies for navigating this transformation while amplifying trust, traceability, and transparency in the era of intelligent software. Here are live keynote updates…
JFrog and GitHub: Next-Level DevSecOps

Most DevSecOps pipelines have a gap: source code security and binary security are handled in separate silos. This creates blind spots, slows teams down, and increases risk. At swampUP 2025, we’re unveiling the next evolution of the JFrog and GitHub integration, a deeply integrated DevSecOps experience that unifies best-of-breed code and binary platforms. With JFrog…
Stop the Chaos: How to Centralize, Secure, and Control Developer Extensions

Picture this: A new developer joins your team, excited to start contributing. On day one, they spend hours installing and configuring their IDE, searching for the "right" extensions. Their setup ends up being completely different from everyone else's. Sound familiar? Worse yet, what if that "productivity-boosting" extension or new MCP server they just installed also…
Announcing JFrog AppTrust: Building Unshakeable Trust in Every Application You Deliver

The pressure to deliver applications quickly has created a complex software supply chain that is vulnerable to more threats than ever before. New regulations are shifting the liability to software developers, demanding auditable proof of security across the entire product lifecycle. Caught between velocity and complexity, the critical question is this: Can you truly vouch…