Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

jfrog

New .NET Malware "WhiteSnake" Targets Python Developers, Uses Tor for C&C Communication

Apr 24, 2023 By Andrey Polkovnychenko In JFrog

The JFrog Security Research team recently discovered a new malware payload in the PyPI repository, written in C#. This is uncommon since PyPI is primarily a repository for Python packages, and its codebase consists mostly of Python code, or natively compiled libraries used by Python programs. This finding raised our concerns about the potential for cross-language malware attacks.

Read Post
jfrog

Software Supply Chain Security at RSA Conference 2023

Apr 24, 2023 By Huz Dalal In JFrog

The risk of supply chain attacks increases as more companies rely on third-party vendors and suppliers for critical services and products. Supply chain attacks have become increasingly prominent in recent years. In 2022, for instance, supply chain attacks surpassed the number of malware-based attacks by 40%.

Read Post

Secrets Detection JFrog Security Workshop

Apr 20, 2023 By JFrog In JFrog
In today's software development world, developers rely on numerous secrets, including API keys, credentials, and passwords to facilitate seamless interaction between application components as they code. Failing to remove these secrets can have disastrous consequences for businesses, making it essential to find and fix them before release.
View Video
jfrog

Analyzing Impala Stealer - Payload of the first NuGet attack campaign

Apr 10, 2023 By Ori Hollander In JFrog

In this blog post, we’ll provide a detailed analysis of a malicious payload we’ve dubbed “Impala Stealer”, a custom crypto stealer which was used as the payload for the NuGet malicious packages campaign we’ve exposed in our previous post. The sophisticated campaign targeted.NET developers via NuGet malicious packages, and the JFrog Security team was able to detect and report it as part of our regular activity of exposing supply chain attacks.

Read Post
jfrog

Save time fixing security vulnerabilities much earlier in your SDLC

Mar 22, 2023 By Paul Garden In JFrog

Are you or your development team tired of using application security tools that generate countless results, making it difficult to identify which vulnerabilities pose actual risks? Do you struggle with inefficient or incorrect prioritization due to a lack of context? What adds insult to injury is that traditional CVSS scoring methods ignore critical details like software configurations and security mechanisms.

Read Post

2023 Security Prediction & Trends for DevOps: Smarter Protection with Data & Intelligence

Mar 21, 2023 By JFrog In JFrog
Earlier this year, JFrog’s Security Research Team performed in-depth analysis of the top 10 most prevalent vulnerabilities in 2022 and found the severity rating of most CVEs were surprisingly OVERRATED. In this on-demand webinar session, you will learn: Here we’ll discuss how organizations can make better decisions, get better processes and use better tools for their DevOps security initiatives in 2023.
View Video
jfrog

Attackers are starting to target .NET developers with malicious-code NuGet packages

Mar 20, 2023 By Natan Nehorai In JFrog

Malicious packages are often spread by the open source NPM and PyPI package repositories, with few other repositories affected. Specifically – there was no public evidence of severe malicious activity in the NuGet repository other than spam packages used for spreading phishing links. As with other repositories, the JFrog Security Research team regularly monitors the NuGet repository for malicious packages, including manual analysis of suspicious code.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.