Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We are pleased to announce that the annual Trustees Report for The Cyber Helpline is now available. This report highlights our financial statements and ongoing work to provide immediate, expert cybersecurity support to those who need it.

The JFrog Security Research team regularly monitors open source software repositories using advanced automated tools, in order to detect malicious packages. In cases of potential supply chain security threats, our research team reports any malicious packages that were discovered to the repository’s maintainers in order to have them removed. This blog provides an analysis of the ccxt-mexc-futures malicious package which aims to leak crypto currency trading credentials.

In today’s digital-first world, cyber threats are not only increasing in volume, but they’re also becoming more targeted, coordinated, and expensive. According to IBM’s Cost of a Data Breach Report 2024, the global average data breach cost has reached USD 4.88 million, a 10% increase over last year and the highest total recorded to date.

As global privacy requirements evolve, many information security professionals are called upon to enhance or lead information privacy programs. While this transition may seem like a natural progression, I learned five important lessons when I moved from a focus on security and audit to the field of information privacy.

With NIS 2 becoming part of national laws, compliance has become mandatory for organizations within its scope. ‍ Although NIS 2 has addressed some of its predecessor’s shortcomings by expanding its scope and setting clearer security and reporting requirements, it remains demanding for security and compliance teams. Its prescriptive guidance and requirements are still limited in certain areas, which can leave teams uncertain about the exact steps to take.

Secrets sprawl is a growing cybersecurity challenge, especially with NHIs. GitGuardian's new NHI Governance product offers centralized inventory and lifecycle management to help enterprises regain control over their secrets and prevent costly breaches.

Security teams are faced with an ongoing challenge when it comes to exposure and vulnerability management. It’s not the actual discovery of the vulnerability that poses the challenge, but what to do once you discover one. Without a structured process, IT and security teams struggle to address vulnerabilities efficiently, and are in a constantly reactive mode, and struggle to address vulnerabilities efficiently, increasing potential risks.

Researchers at Foresiet have analyzed a Remote Access Trojan (RAT) known as NetSupport Manager. Originally developed as a legitimate remote access and IT support tool, NetSupport Manager has a history spanning over two decades. It provides features such as file transfer, remote desktop sharing, chat support, screen monitoring, and inventory tracking. However, in recent years, threat actors have increasingly weaponized this tool in malicious campaigns.

The answer depends on who you ask – and how they approach threat detection.

We have become so reliant on communicating on the Internet that sometimes we need to take a minute to consider how our data is being protected and whether what we send on the Internet is truly safe. While end-to-end encryption has become integral to protecting our data online, you may be thinking, can end-to-end encryption be hacked?