The JFrog Security research team continuously monitors popular open source software (OSS) repositories with our automated tooling to detect and avert potential software supply chain security threats. After validating the findings, the team reports any security vulnerabilities or malicious packages discovered to repository maintainers and the wider community.

Zero day attacks consist of almost 80% of all malware attacks. Take a look at some recent attacks and learn how to prevent them. You work hard to secure your business network. Yet determined hackers probe persistently until they find a software vulnerability you don’t know about. They use this previously unknown and unpatched flaw.

2021 brought a new wave of cyberattacks that proved to be detrimental to the era of digitization. With more and more industries embracing work from home and treading into the digital world, an increase in network vulnerabilities is inevitable; however, neglecting to address these unseen vulnerabilities can make organizations targets for cybercriminals.

The flip side of ubiquitous digital transformation and increased reliance on remote work due to the pandemic is that malicious actors get more opportunities to strike. Security perimeters are no longer distinct, and the range of potentially vulnerable enterprise assets is dynamically swelling. As a result, companies big and small are sailing into the perfect storm of cybercrime.

The flip side of ubiquitous digital transformation and increased reliance on remote work due to the pandemic is that malicious actors get more opportunities to strike. Security perimeters are no longer distinct, and the range of potentially vulnerable enterprise assets is dynamically swelling. As a result, companies big and small are sailing into the perfect storm of cybercrime.

In 2021, the WhiteSource Diffend automated malware detection platform detected and reported more than 1,200 malicious npm packages that were responsible for stealing credentials and crypto, as well as for running botnets and collecting host information from machines on which they were installed.

BlackCat (also known as ALPHV) is a relatively new ransomware-as-a-service (RaaS) operation, which has been aggressively recruiting affiliates from other ransomware groups and targeting organisations worldwide.

Your Microsoft 365 data is a prime target for ransomware. Attackers know that Microsoft 365 lives directly in the path of business-critical operations now more than ever. As highlighted by Mandiant – one of the industry's leading cyber security firms – this translates to “targeted threat groups investing a lot of time and money into understanding Office 365 and understanding how to attack it.”

WannaCry malware was first discovered in May 2017 and a patch was released roughly two months prior to its public release. However, 230,000 computers were globally affected by WannaCry as of 3/31/2021. It is unfortunate to hear, but many companies remain vulnerable to this attack due to unpatched systems. We often see that by the time some companies update their systems, they have already experienced a breach.

CISA recently advised U.S. business leaders to protect their companies from destructive malware that has been seen targeting Ukraine. This emphasizes the importance of having the right technologies in place. The automated detection and protection capabilities of the CrowdStrike Falcon platform protect customers from this malware, provide them with visibility into their environments and allow for intelligent monitoring of cloud resources.