JFrog

How do you engineer a single-region 99.99% SLA for the software supply chain? Our latest blog takes you "under the hood" of JFrog Premium Availability. We’re breaking down the architectural shifts required to move from 99.9% to 99.99% uptime, ensuring the performance predictability required of "always-on" software factories. Key technical highlights: - Premium Cells: Strict density limits to ensure performance predictability. - Isolated Infrastructure: Removing "noisy neighbor" risks. - Universal Foundation: 99.99% coverage across Artifactory, Xray, Distribution, and more. If you’re managing mission-critical pipelines, this is a must-read. Check out the #engineering breakdown: https://bit.ly/42qK1k4 #CloudInfrastructure #SiteReliability #DevSecOps

Employees recently came together to celebrate Israel’s Independence Day. We shared food, raised a glass, and honored the resilience and spirit that independence represents. We're proud and inspired by the people who carry these values forward every day. 🇮🇱 #JFrogLife

🚨 Security Alert: New analysis of the js-logger-pack #npm malware reveals a major shift — attackers are now using #HuggingFace as both a malware CDN and a direct exfiltration backend. 🔗 Full breakdown: https://bit.ly/4mJ0rxz Instead of a traditional C2 server, stolen data — keystrokes, files, credentials — is uploaded directly to private Hugging Face datasets, letting malicious traffic blend in with legitimate AI platform activity. And it gets weirder: the attacker is planting false metadata to impersonate a real exec (Josh Stevens, VP at Polymarket) to cover their tracks.

🚨The Checkmarx TeamPCP campaign has now spread to npm! Full technical analysis from our Security Research team 👉🏽 https://lnkd.in/dBNJNt2a Package @bitwarden/cli (78K weekly downloads) v2026.4.0 steals GitHub/npm tokens, .ssh, .env, shell history, GitHub Actions and cloud secrets, then exfiltrates the data to private domains & as GitHub commits Payload looks very similar to the attack discovered yesterday by Docker, which affected Checkmarx docker images & VSCode extensions.

Security teams spend months chasing vulnerabilities after the fact. What if you could shrink that window to weeks (and without adding headcount)? 🤔 A pharma company's director of software development didn't just hope for fewer critical vulnerabilities... They measured it and after implementing JFrog's #SoftwareSupplyChain platform, the reduction was significant, fast, and verifiable. This is one of the findings in the Forrester Total Economic Impact™ study commissioned by JFrog. Get the real numbers from real organizations who made the shift. Download the full study → https://jfrog.com/tei #DevSecOps #AppSec #CyberSecurity

Software supply chains are growing more complex as development ecosystems expand. Explore insights from JFrog on strengthening visibility and security across every stage in our blog: https://lnkd.in/gpkSWNs5 Brett Zehnder, Jasmine Fuentes-Melendez, Soffia Nunez, Alex Whitworth

The annual 2026 global C++ developer survey is now open, your feedback is important! https://lnkd.in/e7zmSxHW

Is your AI model management stuck in a "bit bucket"? 🪣 While S3 is great for storage, enterprise #AI demands custody and consequence. Bridging the gap between AWS #SageMaker’s velocity and #DevSecOps governance requires a unified model registry. Learn how to centralize the "Model Triad," automate AIBOM generation, and resolve the trade-off between innovation and auditability. 🚀 Read the full guide here: https://bit.ly/4u6X2va #AIGovernance #MachineLearning

🚨 TeamPCP strikes again and this one's serious. The xinference #PyPI package has been hijacked. With 680K downloads and 9.3K GitHub stars, this isn't a fringe library — it's widely trusted, which makes the attack even more dangerous. Versions 2.6.0–2.6.2 are malicious. Importing them silently harvests and exfiltrates your: 🔑 Cloud credentials 🔐 SSH keys 📄 .env secrets If you installed them, assume compromise and rotate everything now. 👉🏽 Full technical breakdown: https://bit.ly/4cBvQxh #CyberSecurity #SupplyChainAttack #Python #InfoSec #DevSecOps

Israel's Independence Day is a deeply meaningful occasion. A day that moves from solemn remembrance to celebration, honoring those who gave everything for the country they love. Today we stand with our Israeli colleagues and community, honored to share this day with you. 🇮🇱 🐸 #JFrogLife #bettertogether