The typosquatted “@acitons/artifact” package targeted GitHub’s CI/CD workflows, stealing tokens and publishing malicious ...
Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate " ...
A critical vulnerability in the popular expr-eval JavaScript library, with over 800,000 weekly downloads on NPM, can be ...
Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities ...
The security research team at JFrog, a provider of a platform for building and deploying software, has discovered a critical vulnerability in a node ...
Thank you, Nicole. Good afternoon, and thank you for joining us as we review JFrog's Third Quarter 2025 Financial Results, which were announced following the market close today via press release.
PROMPTFLUX: Experimental malware, a VBScript dropper with obfuscation, that abuses the Google Gemini API to dynamically rewrite its own source code. PROMPTLOCK: Another experimental strain of malware, ...
Researchers say the malware was in the repository for two weeks, advise precautions to defend against malicious packages.
The Backend-for-Frontend pattern addresses security issues in Single-Page Applications by moving token management back to the ...
Software supply chain security firm JFrog has disclosed the details of a critical vulnerability affecting a popular React ...
Security researchers at software supply chain company JFrog Ltd. today revealed details of a critical vulnerability in React, ...
Endor Labs analyzed more than 10,000 GitHub repositories and tested AI coding agents across major ecosystems, such as PyPI, npm, Maven, and NuGet, to determine which recommended dependencies were real ...