
Reimagining Trust in Software Releases: A New Approach to Supply Chain Integrity (Part 1)

Only secure, verified, compliant software should reach production. Full stop. With increasing pressure on modern development teams to deliver across security and compliance requirements, a fully-secured, attestable pipeline demands complete visibility and control across the entire release lifecycle in a single solution.

DevSecOps Unlocked: Fortify Your Software Supply Chain

How can you ensure your software supply chain is resilient and prepared for the challenges ahead? In this exclusive session, we’ll reflect on key lessons from 2024 and showcase how JFrog is leading the way in securing DevOps pipelines for 2025 and beyond. Join us for an engaging conversation with industry experts as we uncover real-world insights, explore actionable strategies, and demonstrate innovations designed to safeguard your software delivery lifecycle in an evolving threat landscape.

From Silos to Synergy: Unifying Your Security Tools for a Stronger, More Resilient Software Supply Chain

In the race to secure today’s ever-expanding attack surface, many companies have made a practice of using a mix of tools to monitor, assess, and remediate threats. This practice has resulted in a fragmented and chaotic landscape of security solutions across several teams, increasing complexity and forcing companies to have a reactive vs. proactive security posture.

Shifting Security 'Lefter' Than Left Is The Key To Avoiding Risky Packages

As the AI revolution accelerates, developers are being inundated with a dazzling array of new software packages and game-changing tools such as GitHub Copilot, Sourcegraph, Qodo, Cursor, Goose, and others that promise incredible advances in productivity and impact. The excitement over this is high and just keeps on growing.

swampUP 2025 Recap: The Quantum Shift in Software Delivery Requires a Unified Approach

And that’s a wrap! Held in beautiful Napa Valley, swampUP 2025, JFrog’s annual customer conference, brought together developers, operations, security, compliance, and AI/ML leaders – all facing the same burning challenges posed by the AI-driven quantum shift in software delivery. In the keynotes, breakout sessions, and side conversations over wine and coffee, a common theme was made clear: a unified Software Supply Chain platform is essential to thrive in the new reality.

Chaotic Deputy: Critical vulnerabilities in Chaos Mesh lead to Kubernetes cluster takeover

JFrog Security Research recently discovered and disclosed multiple CVEs in the highly popular chaos engineering platform Chaos-Mesh. The discovered CVEs, which we’ve named Chaotic Deputy, are CVE-2025-59358, CVE-2025-59360, CVE-2025-59361 and CVE-2025-59359. The last three Chaotic Deputy CVEs are critical-severity (CVSS 9.8) vulnerabilities which can be easily exploited by in-cluster attackers to run arbitrary code on any pod in the cluster, even in the default configuration of Chaos-Mesh.

Stop the Chaos: How to Centralize, Secure, and Control Developer Extensions

Picture this: A new developer joins your team, excited to start contributing. On day one, they spend hours installing and configuring their IDE, searching for the “right” extensions. Their setup ends up being completely different from everyone else’s. Sound familiar? Worse yet, what if that “productivity-boosting” extension or new MCP server they just installed also secretly opened a backdoor in your codebase?

JFrog and GitHub: Next-Level DevSecOps

Most DevSecOps pipelines have a gap: source code security and binary security are handled in separate silos. This creates blind spots, slows teams down, and increases risk. At swampUP 2025, we’re unveiling the next evolution of the JFrog and GitHub integration, a deeply integrated DevSecOps experience that unifies best-of-breed code and binary platforms.

Largest npm Attack in History - Updated

(Nov 26, 2025) JFrog continues to track, research and document a second wave of the Shai-Hulud Software Supply Chain Attack. Following the initial campaign, threat actors have returned with more advanced tactics, compromising an additional 621 new malicious packages across leading public registries.