Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

jfrog

CVE-2024-38428 Wget Vulnerability: All you need to know

Aug 12, 2024 By Goni Golan In JFrog
On Sunday, June 2nd 2024, a fix commit was pushed for a vulnerability in GNU’s popular Wget tool. Two weeks later, the vulnerability was assigned the ID CVE-2024-38428 and later was classified as a critical vulnerability – with a CVSS score of 9.1. In this blog, we take a dive deep into this threat by seeing what caused it, what consequences it might have, and how it can be mitigated.
Read Post

MLOps & the Role of GenAI in Securing the Software Supply Chain

Aug 2, 2024 By JFrog In JFrog
Artificial Intelligence and Machine Learning have hit the mainstream – particularly the use of Gen AI and LLMs to help organizations automate manual processes and analyze data at machine speed with dramatic results. How can ML and Gen AI help DevOps teams better secure the software supply chain? As the volume of code grows exponentially, these evolving technologies offer new, more efficient means to secure, deliver and scale software – but with accompanying risks that must be mitigated.
View Video
jfrog

Point Solutions vs Platform - Which is Best to Secure your Software Supply Chain?

Jul 25, 2024 By Shani Achwal In JFrog
According to Gartner, almost two-thirds of U.S. businesses were directly impacted by a software supply chain attack. So it’s not a question of whether to secure your software supply chain, but rather what is the most effective and efficient way to provide end-to-end security during all phases of the software development lifecycle (SDLC). Download the Ebook.
Read Post

#DevSecOps Essentials: Operating Confidently with Trusted Packages

Jul 23, 2024 By JFrog In JFrog
Join JFrog’s Senior Solution Engineer, Mike Holland, and Technical Success Manager, Harpreet Singh, as they showcase the power of the JFrog Software Supply Chain platform. Designed to detect third-party components, track dependencies, and enforce compliance, this platform is essential for efficient and reliable software development. In this session, you'll learn.
View Video
jfrog

Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine

Jul 9, 2024 By Andrey Polkovnichenko In JFrog
The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub.
Read Post
jfrog

When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI

Jun 27, 2024 By Natan Nehorai In JFrog
In the rapidly evolving fields of large language models (LLMs) and machine learning, new frameworks and applications emerge daily, pushing the boundaries of these technologies. While exploring libraries and frameworks that leverage LLMs for user-facing applications, we came across the Vanna.AI library – which offers a text-to-SQL interface for users – where we discovered CVE-2024-5565, a remote code execution vulnerability via prompt injection techniques.
Read Post
jfrog

JFrog4JFrog: DevSecOps Made Simple

Jun 17, 2024 By Batel Zohar In JFrog
Developers simply want to write code without interruption, while operations wish to build as fast as possible and deploy without restrictions. On the other hand, security professionals want to protect every step of the software supply chain from any potential security threats and vulnerabilities. In software development, every piece of code can potentially introduce vulnerabilities into the software supply chain.
Read Post
jfrog

GitHub and JFrog Partner To Unify Code and Binaries for DevSecOps

May 29, 2024 By Thomas Dohmke In JFrog
As the volume of code continues to grow exponentially, software developers, DevOps engineers, operations teams, security specialists, and everyone else who touches code are increasingly spending their time in the weeds of securing, delivering, and scaling software. This bottles up creativity and ultimately slows software development for every organization.
Read Post
jfrog

The basics of securing GenAI and LLM development

May 28, 2024 By Sean Pratt In JFrog
With the rapid adoption of AI-enabled services into production applications, it’s important that organizations are able to secure the AI/ML components coming into their software supply chain. The good news is that even if you don’t have a tool specifically for scanning models themselves, you can still apply the same DevSecOps best practices to securing model development.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.