A few days ago, security researcher Neil Madden published a blog post, in which he provided details about a newly disclosed vulnerability in Java, CVE-2022-21449 or “Psychic Signatures”. This security vulnerability originates in an improper implementation of the ECDSA signature verification algorithm, introduced in Java 15.

You probably know the story of “the boy who cried ‘Wolf!’” In the ancient fable, villagers tire of a shepherd’s false alarms, and stop paying attention to them. That’s a lesson for software security teams, not just schoolchildren. Raising concerns about threats that turn out to be flimsy or false erodes the trust that binds your department, and even the faith your customers have in you.

A few days ago it was reported that the new Go versions 1.18.1 and 1.17.9 contain fixes for a stack overflow vulnerability in the encoding/pem builtin package, in the Decode function. Given the high popularity of Go among our customers and in the industry at large, this update led us to investigate the vulnerability in previous versions.

Introducing the newest member of the JFrog ecosystem team – Frogbot. This new git bot tool works for you by protecting your git projects, as they are being developed, from security vulnerabilities. Register for my talk “Bots to Protect your Source Code” swampUP 2022.

Four years ago the Clark School of engineering at the University of Maryland published a study quantifying that there is some kind of hacker attack happening every 39 seconds (on average). Which is unreal!! Source: University of Maryland A cyberattack can harm millions of people. Let’s take for example the Atlanta ransomware attack that used the infamous SamSam ransomware. The attackers asked for a ransom of $51,000.