Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A recent stack buffer overflow vulnerability in Redis, assigned CVE-2025-62507, was fixed in version 8.3.2. The issue was published with a high severity rating and assigned a CVSS v3 score of 8.8. According to the official advisory, “a user can run the XACKDEL command with multiple IDs and trigger a stack buffer overflow, which may potentially lead to remote code execution”.

At JFrog, our mission has long been to power the future of software, and we believe that future is undeniably cloud-native. This is why we’ve architected our platform as a container-first, Kubernetes-native SaaS—built for performance at scale on the world’s leading cloud infrastructure. Our deep commitment to cloud excellence has reached a major milestone in our long-standing collaboration with Amazon Web Services (AWS): JFrog has achieved AWS Security Competency status.

Why security-first platforms, outcome-based services and value-driven pricing will define software delivery in an increasingly complex AI-world.

Effectively protecting your software supply chain has reached a critical turning point where the traditional strategy of patching together “best of breed” or point AppSec solutions is no longer sustainable.

Securing your Docker containers just got a lot easier. On December 17, Docker announced that their catalog of over 1,000 Docker Hardened Images (DHI)—previously a premium-only feature—is now free and open source. This big change means every developer can now start their Dockerfile with a minimalist, near-zero CVE, SLSA Level 3 compliant foundation.

Imagine this. Your phone rings on January 2nd, and it’s your DevSecOps and AppSec groups. A major security vulnerability is exposing your business, and your teams are trying desperately to find and fix it to protect your data. You probably have scars as far back as Log4j, as well as threats from more recent incidents like npm attacks, Glassworm and others ringing in your ears. With CVEs expected to rise by tens of thousands a year, you can envision that the situation will only worsen.

The pressure to integrate AI is immense. Your developers need to move fast, and they’re finding ways to get the job done. But this rush for innovation often happens outside of established governance, creating a sprawling, invisible risk known as Shadow AI. To secure your organization, you must first understand what Shadow AI actually is. It’s not just a developer downloading a file to their laptop. Shadow AI is the totality of unmanaged AI assets within your supply chain.

JFrog continues to track and provide updates on React2Shell at research.jfrog.com.

JFrog Security Research found 3 zero-day critical vulnerabilities in PickleScan, which would allow attackers to bypass the most popular Pickle model scanning tool. PickleScan is a widely used, industry-standard tool for scanning ML models and ensuring they contain no malicious content.

It’s well-known that Databricks is a world-class platform for data engineering and ML experimentation. Yet, for most organizations, the challenge isn’t building models; it’s the complex journey from a model in a notebook to a secure, governed, and production-ready application. In this blog, we’ll show you how integrating the JFrog Platform with Databricks bridges that gap.