Declutter your crypto: Machine identity security for a post-quantum world

In a bad dream, you open the closet. You think you know exactly what’s in there: a few SSH keys, a bunch of TLS certificates, and some secrets like API keys locked in what you believe to be a safe place. But pull it all out and suddenly you find yourself face-to-face with stacks of forgotten ciphers, drawers stuffed with expired certificates, and algorithms in use you thought teams had left behind in 2011. And that’s just for one application.

We Are the Weakest Link

The old phrase “we’re only human, after all” is what cyber-adversaries are relying upon to gain access to intellectual property, data, and credentials. Adversaries prey on the humanity in us to read an unsolicited email, act out of a sense of urgency, or succumb to their scare tactics. We are bombarded with social engineering scams daily. Why do some of us fall victim while others see through veiled attempts at getting us to relinquish something of value?

Mitigating Security Risks in Low-Code Development Environments

I still remember the soft whir of the server room fans and that faint smell of ozone when we, a team of cybersecurity analysts, traced a spike in traffic to a “harmless” low-code workflow. A store manager had built a nifty dashboard to pull sales numbers. It looked tidy, almost playful – boxes, arrows, green check marks. Under the hood, it was hitting an internal API without proper authentication.

Shared Workstations Expose Your Production Business: Here's How to Protect Them

Shared workstations are essential to productivity in manufacturing, but they can also create blind spots in your organization’s security. Inadequate identity verification, poor security practices, and a lack of accountability make them a prime target for ransomware, phishing, and insider attacks. Security leaders often aren’t sure where to begin when securing shared workstations.

8 Malicious npm Packages Deliver Multi-Layered Chrome Browser Information Stealer

Open-source software repositories have become one of the main entry points for attackers in supply chain attacks, with growing waves of attacks using typosquatting and masquerading to appear legitimate. The JFrog Security Research team regularly monitors open-source software repositories using advanced automated tools in order to detect malicious packages.

Malicious Screen Connect Campaign Abuses AI-Themed Lures for Xworm Delivery

During a recent Advanced Continual Threat Hunt (ACTH) investigation, the Trustwave SpiderLabs Threat Hunt team identified a deceptive campaign that abused fake AI-themed content to lure users into executing a malicious, pre-configured ScreenConnect installer.

68% of cyberattacks start with stolen credentials

More than 16 billion passwords, cookies and tokens were recently exposed in one of the largest data breaches in history. The scale of the theft, with data from services including Google, Apple, Facebook, Amazon and Microsoft, makes one conclusion clear: credentials are the first step in compromising critical data.

The Business of Malware: Inside the MaaS Economy

In our 2025 State of the Underground report, we found that 384 unique varieties of malware were sold across the top three criminal forums in 2024, a 10% increase from 349 in 2023, signifying an expansion in the underground malware marketplace. These figures reflect malware explicitly offered for sale (not shared freely), and each distinct version or naming variation is counted independently.

Beyond the Hype: What True API Security Leadership Looks Like

In our previous post, we highlighted a key insight from the 2025 KuppingerCole Leadership Compass: securing AI depends on securing APIs first. The report emphasizes that as AI use grows, the attack surface for APIs becomes more complex and risky. With many solutions available, navigating vendor claims can be challenging, making independent expert analysis extremely valuable.