
#jfrog


Anyone know someone at I could reach out to, concerning their SaaS solution for ?

Ran into issues where it looks like they need to update some of their AWS backend infra configuration to support IPv6 (dualstack) to accept users that are reaching out from IPv6-only environments. Otherwise, packages are unable to be downloaded from their hosted endpoints in those scenarios.

Supply chain attack on Python, or one step away from another major incident

You often hear it said that security is a constant "game of cat and mouse" or a race. Indeed, researchers often have to race against criminals to prevent serious attacks. Since the SolarWinds attack, supply chain attacks have been gaining great popularity and publicity. On sekurak we have repeatedly described situations in...

#WBiegu #Jfrog #Pypi #Python #Supplychain

sekurak.pl/supply-chain-attack


#JFrog / Zero tolerance for the sad horrific truth

Israelis are thin skinned and can’t deal with criticism. Who knew.

Q: You are an Israeli company with branches around the world. Has the war affected you?

Shlomi Ben-Chaim: "On October 11th, one of the employees wrote anti-Israel words on her Instagram. She was fired within two hours. She is suing me. We are a global Israeli company, no one will hide or conceal this, we grew up here. This is the flag on NASDAQ and in Netiv HaAsara. We are present in many countries, in Europe and the USA, in India and China, and it's like providing education at home. Don't be surprised if your employees behave this way if you don't set boundaries for them. JFrog has a very clear set of values written by the employees, not by management, and every employee must respect them. Not comfortable with them? It's a free country, work somewhere else. Anyone who came out against Israeliness in any manifestation was out of the company. This is natural loyalty, I believe this is how they would act in any company in the world."

[Hebrew] ynet.co.il/economy/article/sjn

@israel
@palestine
#IsraelWarCrimes #Ethnocide

#JFrog found that nearly 20% of #DockerHub repositories contained malicious content, so perhaps it is time for a reminder: Do not use random images you know nothing about.

I had two repositories in my account that were (I deleted them) not directly malicious, but were also very much not intended to be used by anyone but me. One of them was even called donotuse! Yet they were pulled hundreds of times. 🤷

jfrog.com/blog/attacks-on-dock


Seriously it seems #JFrog is more about trying to get people to buy a license, and packing so much into what was at one time a simple management tool, that now it's near impossible to determine what you need to do. Very disappointed in that.

Anyone out there knowledgeable about a good #Maven repository manager? I've been looking at #JFrog #Artifactory and well, it isn't as I remember it from 10 years ago, and it doesn't seem to fit our needs. I need one where the admin user can control what libraries are available/cached in our local repository, and also download the dependencies so we don't have to constantly go looking that all of them are present. I would prefer an #OpenSourceSoftware solution if possible.

Over 100 Malicious AI/ML Models -
“JFrog” Found on AI Developer Platform Hugging Face.

As many as 100 malicious artificial intelligence (AI) / machine learning (ML) models have been discovered in the Hugging Face platform. These include instances where loading a pickle file leads to code execution. The model's payload grants the attacker a shell on the compromised machine.

arstechnica.com/?p=2007291
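
A static check for the pickle risk described in the post above, added here as an example (it is not from the post, JFrog or Hugging Face): it walks the opcode stream with `pickletools.genops`, never unpickling, and lists every global the file would import. The allowlist and the sample data are assumptions constructed for illustration; any unlisted or unresolved name means the file should not be loaded.

```python
import pickle
import pickletools
from collections import OrderedDict
from fractions import Fraction

# Assumed allowlist for this example: globals a plain-data file may reference.
ALLOWED = {"collections.OrderedDict"}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "SHORT_BINSTRING", "BINSTRING", "STRING"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}


def imported_globals(data: bytes) -> list:
    """List every module.name the stream would import, without unpickling it."""
    found, memo, recent, last = [], {}, [], None
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            last = arg
            recent.append(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = last
        elif op.name in PUT_OPS:
            memo[arg] = last
        elif op.name in GET_OPS:
            last = memo.get(arg)
            recent.append(last)
        else:
            if op.name in ("GLOBAL", "INST"):   # protocols 0-3: "module name"
                found.append(arg.replace(" ", ".", 1))
            elif op.name == "STACK_GLOBAL":     # protocol 4+: names on the stack
                ok = len(recent) >= 2 and all(recent[-2:])
                found.append(".".join(recent[-2:]) if ok else "<unresolved>")
            last, recent = None, []             # stack top is no longer a string
    return found


def disallowed_globals(data: bytes, allowed=frozenset(ALLOWED)) -> list:
    """Globals outside the allowlist; anything returned means: do not load."""
    return [g for g in imported_globals(data) if g not in allowed]


# Constructed samples. Fraction is a harmless stand-in for "some callable the
# loader would import and invoke"; nothing below is ever unpickled.
PLAIN = pickle.dumps({"layers": [0.1, 0.2], "meta": OrderedDict(a=1)}, protocol=4)
WITH_CALL_V4 = pickle.dumps({"w": Fraction(1, 3)}, protocol=4)
WITH_CALL_V2 = pickle.dumps({"w": Fraction(1, 3)}, protocol=2)

if __name__ == "__main__":
    for name in ("PLAIN", "WITH_CALL_V4", "WITH_CALL_V2"):
        print(name, disallowed_globals(globals()[name]))
```

The string tracking is a fail-closed heuristic: if the two names feeding `STACK_GLOBAL` cannot be read directly from the stream, the result is `<unresolved>` rather than a guess.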