The JFrog Security Research Team empowers developers and companies to excel by identifying, prioritizing, and mitigating software risks.

USA / Israel
🚨 Multiple recent Axios CVEs aren't as severe as they seem. JFrog researchers found that some Prototype Pollution gadget vulnerabilities in Axios are scored based on the impact of an already-compromised application, even though exploitation requires a separate Prototype Pollution vulnerability (as you can see in this PoC). Read our blog (in the first comment) to understand why context matters more than the score.
1
8
25
1,726
🚨 Lazarus-linked npm malware is masquerading as widely used Rollup polyfills (~295K weekly downloads) Bypassing standard detection with no obvious install-script triggers, the threat actors wait until import-time to pull a multi-stage payload built for broad file collection, crypto wallet theft, and full interactive remote access. Read the full breakdown in our blog post (link in the thread)
2
12
32
12,089
Full details (including PoC) can be found here: research.jfrog.com/vulnerabi…
🚨 Only 3 commands are needed to exploit CVE-2026-53605, a local privilege escalation vulnerability affecting home robots. JFrog researchers found that versions <0.2.4 of Pollen Robotics' Reachy Mini SDK allow attackers to gain root access in seconds. Camera. Microphone. Motors. All attacker-controlled. Update immediately.
8
33
6,056
🚨 Only 3 commands are needed to exploit CVE-2026-53605, a local privilege escalation vulnerability affecting home robots. JFrog researchers found that versions <0.2.4 of Pollen Robotics' Reachy Mini SDK allow attackers to gain root access in seconds. Camera. Microphone. Motors. All attacker-controlled. Update immediately.
14
63
10,224
🚨 CAMPAIGN UPDATE 🚨 We have detected additional compromised packages and versions associated with the ongoing malicious campaign targeting Backstage plugins. If you are using @immobiliarelabs plugins within your environment (10K weekly downloads), audit your dependencies immediately. The newly identified compromised packages and versions are: @ immobiliarelabs/backstage-plugin-gitlab 1.0.1, 2.1.2, 3.0.3, 4.0.2, 5.2.1, 6.13.1, 7.0.2 @ immobiliarelabs/backstage-plugin-gitlab-backend 3.0.3, 4.0.2, 5.2.1, 6.13.1, 7.0.2 @ immobiliarelabs/backstage-plugin-ldap-auth 1.1.4, 2.0.5, 3.0.2, 4.3.2, 5.2.1 @ immobiliarelabs/backstage-plugin-ldap-auth-backend 1.1.3, 2.0.5, 3.0.2, 4.3.2, 5.2.1 Secure your software supply chain by ensuring these specific versions are blocked. More updates to follow as our research continues. 👇
🚨 SECURITY ALERT 🚨 A new supply chain attack has been detected. A Shai Hulud worm variant dubbed "Alright Lets See If This Works" has hijacked 20 LeoPlatform npm packages, including "leo-logger", which impacts over 3.5K weekly downloads. Audit your dependencies immediately. Full analysis and mitigation details will be live soon on our blog: research.jfrog.com/post/shai…
8
27
4,792
🚨 Successful PoC for Linux Kernel CVE-2026-43503 (DirtyFrag variant) 🚨 JFrog researchers successfully developed a privilege escalation exploit for CVE-2026-43503, a newly discovered DirtyFrag variant we dubbed "DirtyClone". The vulnerability was patched and merged into mainline Linux on May 21 (v7.1-rc5, commit 9e171fc1d7d7). Make sure your systems are up to date. Read the full technical writeup: research.jfrog.com/post/diss…
7
68
217
23,644
🚨 SECURITY ALERT 🚨 A new supply chain attack has been detected. A Shai Hulud worm variant dubbed "Alright Lets See If This Works" has hijacked 20 LeoPlatform npm packages, including "leo-logger", which impacts over 3.5K weekly downloads. Audit your dependencies immediately. Full analysis and mitigation details will be live soon on our blog: research.jfrog.com/post/shai…
6
27
62
11,137
3 more packages in this campaign: prism-silq:1.0.1 hexo-shoka-swiper:0.1.10 hexo-deployer-wrangler:1.0.4
1
5
379
the blog is live now
1
2
464
full list: leo-auth:4.0.6 leo-aws:2.0.4 leo-cache:1.0.2 leo-cdk-lib:0.0.2 leo-cli:3.0.3 leo-config:1.1.1 leo-connector-elasticsearch:2.0.6 leo-connector-mongo:3.0.8 leo-connector-mysql:3.0.3 leo-connector-oracle:2.0.1 leo-connector-redshift:3.0.6 leo-cron:2.0.2 leo-sdk:6.0.19 leo-streams:2.0.1 rstreams-metrics:2.0.2 rstreams-shard-util:1.0.1 serverless-convention:2.0.4 serverless-leo:3.0.14 solo-nav:1.0.1 leo-logger:1.0.8
1
3
637
🚨 Open a VS Code workspace. Get infected. JFrog researchers analyzed 2 hijacked npm packages that abuse hidden VS Code "folderOpen" tasks and blockchain dead drops to deploy an infostealer. The malware steals credentials, browser cookies, crypto wallets, and other sensitive data. Affected packages: • html-to-gutenberg@4.2.11 • fetch-page-assets@1.2.9 Check your environment and remove them immediately if found. Full analysis: research.jfrog.com/post/hija…
3
13
45
9,321
⚠️ Overhyped vulnerability of the week: CVE-2026-44496 (High score, narrow attack surface). A ReDoS in Axios: an unescaped XSRF cookie name like (.+)+$ can trigger expensive regex backtracking while reading document.cookie. However, the issue is limited to browser environments and requires an attacker-controlled xsrfCookieName, a value that is typically hardcoded by applications. Despite NVD rating it High, the impact is client-side availability only: a frozen browser tab. ❌ No credentials exposed ❌ No request tampering ❌ No integrity impact A low-severity rating is more aligned with the real-world risk.
5
13
1,569
⚠️ Watch out for postcss-minify-selector-parser! Our latest research uncovers how this malicious npm package masquerades as a popular PostCSS tool (150M weekly downloads) to deploy a Windows RAT. Learn how it targets Chrome credentials and how you can protect your environment: research.jfrog.com/post/from…
7
24
2,262
‼️ npm v12 is about to disrupt 53% of the malicious npm packages we analyzed from the past year ‼️ Starting July 2026, npm will block by default: ❌ Lifecycle scripts (preinstall, postinstall, etc.) during installation ❌ Git-based dependency resolution during installation ❌ Remote URL dependency resolution during installation These techniques were abused in SSC malware campaigns including Shai-Hulud, easy-day-js, and PhantomRaven, affecting hundreds of packages and reaching millions of downloads. This is one of the biggest security changes to the npm ecosystem in years, so get ready to update. Where attackers may pivot next, and the full impact of these changes: jfrog.com/blog/npm-v12-from-…
2
14
30
2,368
🚨 SECURITY ALERT: A widespread supply chain attack dubbed "easy-day-js" has been identified, targeting the mastra npm packages. Attackers have compromised and published malicious versions of these packages. 144 packages are currently confirmed to be affected. Please check your dependencies immediately. We will share the full list of affected packages in this thread and further analysis in: research.jfrog.com/post/easy… (will be live in a few hours)
12
30
157
556,164
blog is live
2
1,166
The full package list: @​mastra/acp:0.2.2 @​mastra/agent-browser:0.3.2 @​mastra/agent-builder:1.0.42 @​mastra/agentcore:0.2.2 @​mastra/agentfs:0.1.1 @​mastra/ai-sdk:1.4.6 @​mastra/arize:1.2.3 @​mastra/arthur:0.3.3 @​mastra/astra:1.0.2 @​mastra/auth:1.0.3 @​mastra/auth-auth0:1.0.2 @​mastra/auth-better-auth:1.0.4 @​mastra/auth-clerk:1.0.3 @​mastra/auth-cloud:1.1.4 @​mastra/auth-firebase:1.0.1 @​mastra/auth-okta:0.0.5 @​mastra/auth-studio:1.2.4 @​mastra/auth-supabase:1.0.2 @​mastra/auth-workos:1.5.3 @​mastra/azure:0.2.3 @​mastra/blaxel:0.4.2 @​mastra/braintrust:1.1.4 @​mastra/brightdata:0.2.2 @​mastra/browser-firecrawl:0.1.1 @​mastra/browser-viewer:0.1.3 @​mastra/chroma:1.0.2 @​mastra/claude:1.0.3 @​mastra/clickhouse:1.10.1 @​mastra/client-js:1.24.1 @​mastra/cloud:0.1.24 @​mastra/cloudflare:1.4.2 @​mastra/cloudflare-d1:1.0.7 @​mastra/codemod:1.0.4 @​mastra/convex:1.2.2 @​mastra/core:1.42.1 @​mastra/couchbase:1.0.4 @​mastra/cursor:0.2.1 @​mastra/dane:1.0.2 @​mastra/datadog:1.2.5 @​mastra/daytona:0.4.2 @​mastra/deployer:1.42.1 @​mastra/deployer-cloud:1.42.1 @​mastra/deployer-cloudflare:1.1.44 @​mastra/deployer-netlify:1.1.20 @​mastra/deployer-vercel:1.1.38 @​mastra/docker:0.3.1 @​mastra/dsql:1.0.3 @​mastra/duckdb:1.4.3 @​mastra/dynamodb:1.0.9 @​mastra/e2b:0.3.4 @​mastra/editor:0.11.3 @​mastra/elasticsearch:1.2.1 @​mastra/engine:0.1.1 @​mastra/evals:1.3.1 @​mastra/express:1.3.31 @​mastra/fastembed:1.1.3 @​mastra/fastify:1.3.31 @​mastra/files-sdk:0.2.1 @​mastra/gcs:0.2.3 @​mastra/github-signals:0.1.2 @​mastra/google-cloud-pubsub:1.0.6 @​mastra/google-drive:0.1.1 @​mastra/hono:1.4.26 @​mastra/inngest:1.5.2 @​mastra/koa:1.5.14 @​mastra/laminar:1.2.3 @​mastra/lance:1.0.7 @​mastra/langfuse:1.3.6 @​mastra/langsmith:1.2.4 @​mastra/libsql:1.13.1 @​mastra/loggers:1.1.3 @​mastra/longmemeval:1.0.50 @​mastra/mcp:1.10.1 @​mastra/mcp-docs-server:1.1.47 @​mastra/mcp-registry-registry:1.0.2 @​mastra/mem0:0.1.14 @​mastra/memory:1.20.4 @​mastra/modal:0.2.2 @​mastra/mongodb:1.9.3 @​mastra/mssql:1.3.2 @​mastra/mysql:0.1.1 @​mastra/nestjs:0.1.15 @​mastra/node-audio:0.1.8 @​mastra/node-speaker:0.1.1 @​mastra/observability:1.14.2 @​mastra/openai:1.0.2 @​mastra/opencode:0.0.47 @​mastra/opensearch:1.0.3 @​mastra/otel-bridge:1.2.3 @​mastra/otel-exporter:1.2.3 @​mastra/perplexity:0.1.1 @​mastra/pg:1.13.1 @​mastra/pinecone:1.0.2 @​mastra/playground-ui:33.0.1 @​mastra/posthog:1.0.29 @​mastra/qdrant:1.0.3 @​mastra/rag:2.2.2 @​mastra/railway:0.1.1 @​mastra/react:1.0.1 @​mastra/redis:1.1.3 @​mastra/redis-streams:0.0.4 @​mastra/s3:0.5.3 @​mastra/s3vectors:1.0.7 @​mastra/schema-compat:1.2.12 @​mastra/sentry:1.1.4 @​mastra/server:2.1.1 @​mastra/slack:1.3.1 @​mastra/spanner:1.1.2 @​mastra/speech-azure:0.2.1 @​mastra/speech-elevenlabs:0.2.1 @​mastra/speech-google:0.2.1 @​mastra/speech-ibm:0.2.1 @​mastra/speech-murf:0.2.1 @​mastra/speech-openai:0.2.1 @​mastra/speech-replicate:0.2.1 @​mastra/speech-speechify:0.2.1 @​mastra/stagehand:0.2.5 @​mastra/tavily:1.0.3 @​mastra/temporal:0.1.14 @​mastra/turbopuffer:1.0.3 @​mastra/twilio:1.0.2 @​mastra/upstash:1.1.3 @​mastra/vectorize:1.0.3 @​mastra/vercel:1.0.1 @​mastra/voice-aws-nova-sonic:0.1.4 @​mastra/voice-azure:0.11.2 @​mastra/voice-cloudflare:0.12.3 @​mastra/voice-deepgram:0.12.2 @​mastra/voice-elevenlabs:0.12.2 @​mastra/voice-gladia:0.12.2 @​mastra/voice-google:0.12.3 @​mastra/voice-google-gemini-live:0.12.2 @​mastra/voice-inworld:0.3.1 @​mastra/voice-modelslab:0.1.2 @​mastra/voice-murf:0.12.3 @​mastra/voice-openai:0.12.3 @​mastra/voice-openai-realtime:0.12.6 @​mastra/voice-playai:0.12.2 @​mastra/voice-sarvam:1.0.2 @​mastra/voice-speechify:0.12.2 @​mastra/voice-xai-realtime:0.1.2 create-mastra:1.13.1 easy-day-js:1.11.22 mastra:1.13.1
3
5
2,301
⚠️Hackers are using AI safety guardrails against you! The latest wave of Shai-Hulud malware uses clever prompt injection to intentionally trigger safety refusals. By doing this, it forces AI scanners to "look away" and stop reading before they ever analyze the actual malicious payload hidden below. Learn exactly how this evasion technique works and how to keep your pipelines protected in our latest blog post: research.jfrog.com/post/prom…
🚨 New PyPI variants found, now with prompt injection to bypass AI scanning: dreamgen@1.8.1 mem8@6.0.1 orchestr8-platform@3.3.2 ray-mcp-server@0.2.1 Our blog will be updated soon with the technical details.
1
11
32
3,352