Welcome to the JFrog Blog

Latest:

Is TensorFlow Keras “Safe Mode” Actually Safe? Bypassing safe_mode Mitigation to Achieve Arbitrary Code Execution

March 12, 2025 Andrey Polkovnichenko, JFrog Security Researcher

9 min read

Update: This issue was discovered and disclosed independently to Keras by JFrog's research team and Peng Zhou. Machine learning frameworks often rely on serialization and deserialization mechanisms to store and load models. However, improper code isolation and executable components in the models can lead to severe security risks. The structure of the Keras v3 ML Model…

Read More

All Blogs

Get to Know JFrog ML

Get to Know JFrog ML

March 4, 2025 William Manning, Senior Solution Architect, JFrog ML Sean Pratt, Senior Manager, Product Marketing, JFrog | 6 min read

AI/ML development is getting a lot of attention as organizations rush to bring AI services into their business applications. While emerging MLOps practices are designed to make developing AI applications easier, the complexity and fragmentation of available MLOps tools often complicates the work of Data Scientists and ML Engineers, and lessens trust in what’s being…
Read More
Accelerating Enterprise AI Development: A Guide to the JFrog-NVIDIA NIM Integration

Accelerating Enterprise AI Development: A Guide to the JFrog-NVIDIA NIM Integration

March 4, 2025 Kristian Taernhed, JFrog Senior Technical Alliance Manager | 5 min read

Enterprises are racing to integrate AI into applications, yet transitioning from prototype to production remains challenging. Managing ML models efficiently while ensuring security and governance is a critical challenge. JFrog’s integration with NVIDIA NIM addresses these issues by applying enterprise-grade DevSecOps practices to AI development. Before exploring this solution further, let's examine the core MLOps…
Read More
JFrog and Hugging Face Join Forces to Expose Malicious ML Models

JFrog and Hugging Face Join Forces to Expose Malicious ML Models

March 4, 2025 David Cohen, JFrog Senior Security Researcher | 17 min read

ML operations, data scientists, and developers currently face critical security challenges on multiple fronts. First, staying up to date with evolving attack techniques requires constant vigilance and security know-how, which can only be achieved by a dedicated security team. Second, existing ML model scanning engines suffer from a staggering rate of false positives. When a…
Read More
FINMA Compliance: DevSecOps Strategies for Securing the Swiss Financial Ecosystem

FINMA Compliance: DevSecOps Strategies for Securing the Swiss Financial Ecosystem

February 24, 2025 Danny Parizada, JFrog Senior Solution Engineer | 6 min read

The Swiss Financial Market Supervisory Authority (FINMA) sets strict requirements to ensure that financial institutions operating in Switzerland maintain robust security and operational resilience. FINMA’s guidelines are crucial for protecting sensitive financial data, minimizing risks, and maintaining trust in the Swiss financial ecosystem. As part of that, software supply chain security plays an essential role…
Read More
Introducing Support for Hex Packages

Introducing Support for Hex Packages

February 18, 2025 Brian Chang, Product Marketing Manager | 2 min read

JFrog has always prioritized universality, ensuring software development teams have true freedom of choice. Core to the JFrog Platform, JFrog Artifactory is the world’s most versatile artifact manager, natively supporting nearly 40 package types. After taking in valuable feedback from the developer community, we’re thrilled to discuss how we’re further expanding our universe with the…
Read More
Building Cloud Excellence: How JFrog Supports the AWS Well-Architected Framework

Building Cloud Excellence: How JFrog Supports the AWS Well-Architected Framework

February 15, 2025 Nitin Khanna, Senior Partner Solutions Engineer | 4 min read

In today’s hybrid infrastructure landscape, migrating applications to the cloud unlocks significant financial and technological benefits. Whether internal or external, these applications require robust, efficient infrastructure. Cloud providers like Amazon Web Services (AWS), Google Cloud, and Microsoft Azure offer frameworks to help organizations build better systems. AWS Well-Architected helps cloud architects design secure, high-performing, resilient,…
Read More
JFrog’s Release Lifecycle Promotion vs. Build Promotion

JFrog’s Release Lifecycle Promotion vs. Build Promotion

February 13, 2025 Irena Guy, JFrog Principal Product Manager | 6 min read

We here at JFrog have long advocated for promoting - never rebuilding - release candidates as they advance across the stages of your SDLC. For many JFrog customers, that meant using JFrog’s “Build Promotion” capabilities. Now you can level up your CI/CD game with promotions using Release Lifecycle Management (RLM)! In this article we’ll show…
Read More
JFrog Simplifies Compliance with India’s new CERT SBOM Guidelines

JFrog Simplifies Compliance with India’s new CERT SBOM Guidelines

February 12, 2025 Yashaswi Mudumbai, JFrog Senior Director of Solution Engineering Harel Avissar, JFrog Director of Product | 8 min read

Overview The Indian Computer Emergency Response Team (CERT-In) is the national agency responsible for addressing cybersecurity incidents in India. Established in 2004 and operating under the Ministry of Electronics and Information Technology (MeitY), CERT-In is dedicated to enhancing the security of India's digital infrastructure. The organization plays a vital role in preventing, detecting, and responding…
Read More
Everything You Need to Know About Evil Proxy Attacks and MFA Bypass

Everything You Need to Know About Evil Proxy Attacks and MFA Bypass

November 26, 2024 Yarin Zaddik, JFrog IR SecOps Engineer Orel Bitan, JFrog IR & SecOps Group Leader | 9 min read

Attackers use a malicious proxy server to intercept, monitor, and manipulate communication between a client and a legitimate server, often to steal credentials, session tokens, or other sensitive information. Some services provide "Phishing-as-a-Service" (PhaaS), offering attackers ready-made tools and infrastructure to conduct phishing campaigns. These services simplify the process of deceiving individuals into providing sensitive…
Read More
JFrog Achieves ISO/IEC 27001:2022

JFrog Achieves ISO/IEC 27001:2022

February 10, 2025 Tamar Ashtar, JFrog GRC Specialist | 3 min read

As part of JFrog's mission to continuously develop and uphold the highest industry standards in cyber security, we are excited to announce that we have successfully upgraded our ISO certification to the latest version, ISO/IEC 27001:2022. This achievement reinforces our dedication to protecting your data with the high standards of cyber and information security. Understanding…
Read More

Popular Tags