A Vulnerable Future: MITRE's Close Call in CVE Management

Last week, one of the biggest concerns in the cybersecurity industry created a crisis that was avoided at the last minute. On April 16th, 2025, the MITRE Corporation announced: "The current contracting pathway for MITRE to develop, operate, and modernize CVE and several other related programs, such as CWE, will expire." Official letter from MITRE …

CVE-2025-29927 – Authorization Bypass Vulnerability in Next.js: All You Need to Know

On March 21st, 2025, the Next.js maintainers announced a new authorization bypass vulnerability – CVE-2025-29927. This vulnerability can be easily exploited to achieve authorization bypass. In some cases, exploitation of the vulnerability can also lead to cache poisoning and denial of service. Which versions of Next.js are affected? Next.js 15.x – from version 15.0.0 …

Is TensorFlow Keras "Safe Mode" Actually Safe? Bypassing safe_mode Mitigation to Achieve Arbitrary Code Execution

Update: This issue was discovered and disclosed independently to Keras by JFrog's research team and Peng Zhou. Machine learning frameworks often rely on serialization and deserialization mechanisms to store and load models. However, improper code isolation and executable components in the models can lead to severe security risks. The structure of the Keras v3 ML Model …

Top JFrog Security Research Discoveries of 2024

In our previous round-up of security research for 2023, we mentioned our surprise at the large volume of 29,000 vulnerabilities that were reported two years ago. But that didn't prepare us for the astounding 40% increase, reported by Cyber Press, resulting in over 40,000 CVEs that were published over the past year in 2024. That …

Top JFrog Security Research Blogs of the Year

With over 29,000 CVEs and 5.5 billion malware attacks recorded in the past year, it's no wonder that software supply chain security is a top priority for enterprise developers on a global scale. That is also why JFrog Security Research has been instrumental in identifying and analyzing the biggest threats and devising methods to protect …

Contextual Analysis for Python, Java, and JavaScript Projects with JFrog Frogbot

When scanning packages, CVE (Common Vulnerabilities and Exposures) scanners can find thousands of vulnerabilities. This leaves developers with the painstaking task of sifting through long lists of vulnerabilities to identify the relevance of each, only to find that many vulnerabilities don't affect their artifacts at all. Vulnerability Contextual Analysis uses the artifact context to eliminate …

Xray: New Year, New Security Features

As part of our ongoing efforts to offer you the most comprehensive and advanced SDLC protection capabilities, JFrog continues to boost the capabilities of our JFrog Xray security and compliance product. In this blog, we offer an overview of recent Xray improvements, all aimed at helping you fortify your software, reduce risk, scale security, streamline …