Our dedicated team of security engineers and researchers is committed to advancing software security through discovery, analysis, and exposure of new vulnerabilities and attack methods.
Latest from JFrog’s Security Blog
Latest vulnerabilities discovered by the team
JFrog security researchers and engineers collaborate to create advanced vulnerability scanners, built on a deep understanding of attackers’ techniques.
We use our automated scanners to help the community by continually identifying new vulnerabilities in publicly available software packages and disclosing them.
Latest malicious packages disclosed by the team
Given the widespread use of open-source software (OSS) packages in modern application development, public OSS repositories have become a popular target for supply chain attacks.
To help foster a secure environment for developers, the JFrog Security research team continuously monitors popular repositories with our automated tooling, and reports malicious packages discovered to repository maintainers and the wider community.
- xiedemo – an infostealer (pypi • <1k total downloads)
Pu