Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Software supply chains are the attack vector for cybercriminals, and the challenge isn’t just finding vulnerabilities; it’s fixing them fast while ensuring security, compliance, and developer productivity. As supply chains grow in complexity, traditional tools aren’t enough; organizations need intelligent, autonomous assistance embedded directly into developer workflows.

The rapid pace of AI innovation is driving new possibilities for every organization. Yet, for many, the journey from inception to reliable, production-ready AI applications is riddled with hidden challenges: proliferation of models, security blind spots, and a desperate need for consistent governance. You want to harness the power of AI, but not at the expense of control, security, or compliance.

The pressure to deliver applications quickly has created a complex software supply chain that is vulnerable to more threats than ever before. New regulations are shifting the liability to software developers, demanding auditable proof of security across the entire product lifecycle. Caught between velocity and complexity, the critical question is this: Can you truly vouch for the integrity, security, and compliance of every application that leaves your pipeline? What about after it’s deployed?

AI agents are rapidly evolving from simple text generators into powerful autonomous assistants that can browse the web, book travel, and extract complex data on our behalf. This new “agentic” AI, which operates in a “sense-plan-act” loop, promises to revolutionize how we interact with the digital world.

The speed of software development today is driven by fierce competition and the constant demand for innovation. Organizations are launching software faster than ever to keep up with the market and drive growth. This need for speed has led to several key trends: These trends introduce a critical dilemma: How do you balance speed vs. trust? While fast releases are essential to meet market and user demands, sacrificing trust for speed can lead to severe business repercussions.

ISO/IEC 27001 is an information security standard that is quickly becoming a must-have for any organization that handles proprietary customer data. ISO 27001 certification is now often a requirement to do business, particularly for IT and SaaS organizations – JFrog included! In this blog, you’ll learn more about ISO 27001, how to get certified, and how JFrog Platform capabilities can help you streamline the certification process.

Open-source software repositories have become one of the main entry points for attackers as part of supply chain attacks, with growing waves using typosquatting and masquerading, pretending to be legitimate. The JFrog Security Research team regularly monitors open-source software repositories using advanced automated tools, in order to detect malicious packages.

Today, businesses must rethink GRC (Governance, Risk, and Compliance) to stay ahead of the game. With a proactive approach, GRC isn’t a cost center; it’s a strategy to streamline innovation at scale. We’ll discuss how to build your foundation for GRC with a proactive stance, helping you grow and protect your business.

JounQin’s npm account, the maintainer of popular packages such as eslint-config-prettier, was compromised in a phishing attack. The attackers used the breached credentials to publish six malicious versions of eslint-config-prettier, along with three additional infected packages tied to the same account. In total, the compromised packages see roughly 78 million weekly downloads. Notably, the account had publishing rights for packages with a combined weekly download count of 180 million!