JFrog Security Research recently discovered and disclosed multiple CVEs in oatpp-mcp – the Oat++ framework’s implementation of Anthropic’s Model Context Protocol (MCP) standard. Among these, CVE-2025-6515 stood out due to its potential threat of hijacking MCP session IDs. Within the context of MCP we’ve dubbed this new attack technique “Prompt Hijacking“. Your browser does not …
As the AI revolution accelerates, developers are being inundated with a dazzling array of new software packages and game-changing tools such as GitHub CoPilot, Sourcegraph, Qodo, Cursor, Goose, and others that promise incredible advances in productivity and impact. The excitement over this is high and just keeps on growing. Cyberattackers share equally in this excitement; …
Recently, the npm ecosystem has faced its third large-scale attack. Following the recent compromise of the nx packages and another wave targeting popular packages, the registry has once again been attacked. The first report came from Daniel Pereira, who identified a compromised package: @ctrl/tinycolor@4.1.1. By the end of the day, JFrog’s malware scanners had identified …
Duckdb, coveops/abi and more new packages discovered as compromised in the ongoing phishing campaign On September 8th, a malicious actor compromised the npm registry by publishing trojanized versions of 18 widely-used packages, after obtaining developers’ tokens in a phishing attack, as reported by Aikido. Massively popular packages such as “debug”, “chalk” and “ansi-styles” were compromised. …
JFrog Security Research recently discovered and disclosed multiple CVEs in the highly popular Chaos engineering platform – Chaos-Mesh. The discovered CVEs, which we’ve named Chaotic Deputy are CVE-2025-59358, CVE-2025-59360, CVE-2025-59361 and CVE-2025-59359. The last three Chaotic Deputy CVEs are critical severity (CVSS 9.8) vulnerabilities which can be easily exploited by in-cluster attackers to run arbitrary …
The JFrog Security Research team has recently discovered and disclosed CVE-2025-6514 – a critical (CVSS 9.6) security vulnerability in the mcp-remote project – a popular tool used by Model Context Protocol clients. The vulnerability allows attackers to trigger arbitrary OS command execution on the machine running mcp-remote when it initiates a connection to an untrusted …
Update 25/06/2025: After the publication of our blog, JFrog was contacted by a security team and was informed that the PyPI package was published as part of an internal security audit – “The PyPI package was not created with malicious intent and users were not targeted by unknown threat actors, the purpose of this simulation …
Last week, one of the biggest concerns in the cybersecurity industry created a crisis that was avoided at the last minute. On April 16th, 2025, the MITRE Corporation announced: “The current contracting pathway for MITRE to develop, operate, and modernize CVE and several other related programs, such as CWE, will expire.” Official letter from MITRE …
The JFrog Security Research team regularly monitors open source software repositories using advanced automated tools, in order to detect malicious packages. In cases of potential supply chain security threats, our research team reports any malicious packages that were discovered to the repository’s maintainers in order to have them removed. This blog provides an analysis of …
On March 21st, 2025, the Next.js maintainers announced a new authorization bypass vulnerability – CVE-2025-29927. This vulnerability can be easily exploited to achieve authorization bypass. In some cases – exploitation of the vulnerability can also lead to cache poisoning and denial of service. Which versions of Next.js are affected? Next.js 15.x – from version 15.0.0 …
