JFrog Security Research

JFrog Security Real Time Posts

Last Updated On 18 Feb, 2026

Three Stages Deep: A Malicious npm Package Delivering a Full-Featured macOS RAT

The JFrog Security Team has identified a malicious npm package named eslint-verify-plugin that deploys a sophisticated multi-stage infection chain, ultimately delivering a full-featured Mythic/Apfell macOS RAT capable of credential theft, screen capture, and backdoor account creation.

Published on February 18, 2026

Real Time Post

How a Complex Multi Payload Infostealer Hid in NPM Disguised as 'Console Visibility'

Guy Korolevski, JFrog Security Researcher

The JFrog security research team recently uncovered a sophisticated malicious package called "duer-js" published on NPM by the user "luizaearlyx". After complex analysis, the package was identified as an advanced windows targeted information stealer, self-named as “bada stealer”. The package remains active as of this publication.

Published on February 11, 2026

Real Time Post

Potentially Critical RCE Vulnerability in OpenSSL - CVE-2025-15467

Ofri Ouzan, JFrog Security Researcher

The JFrog Security Research team is tracking a newly disclosed OpenSSL vulnerability, CVE-2025-15467, a stack overflow issue that may lead to remote code execution (RCE).

Published on January 28, 2026

Real Time Post

Achieving Remote Code Execution on n8n Via Sandbox Escape - CVE-2026-1470 & CVE-2026-0863

Nathan Nehorai, JFrog Security Researcher

Our research team discovered and disclosed two vulnerabilities in n8n’s sandbox mechanism leading to remote code execution.

Published on January 27, 2026

Real Time Post

CVE-2025-55182 and CVE-2025-66478 (“React2Shell”) - All you need to know

JFrog Security Research Team

Critical CVSS 10 vulnerabilities CVE-2025-55182 and CVE-2025-66478 lead to remote code execution in React-based web applications.

Published on December 4, 2025

Real Time Post

Defending Against Shai-Hulud: Protection & Response Guide

Expert guide to defending against Shai-Hulud 2.0. Protect your npm supply chain with proven containment, rotation, and recovery strategies. David Cohen, JFrog Security Researcher.

Shai-Hulud remediation guide

Published on November 26, 2025

Real Time Post

Shai-Hulud, The Second Coming - Ongoing npm supply chain attack

Guy Korolevski, Andrii Polkovnychenko and Shavit Satou, JFrog Security Researchers

Shai-Hulud ongoing attack resurfaced for a second wave, compromising more than 630 packages so far

Published on November 24, 2025

Real Time Post

New Crypto Stealer on npm. A Two-Part Attack

Andrii Polkovnychenko, JFrog Security Researcher

The JFrog Security Team has identified a two-component cryptocurrency stealer in the NPM repository, cleverly disguised as a benign-looking package to avoid detection.

Published on November 20, 2025

Real Time Post

Crypto packages on NPM deliver Heracles malware via dependency

Guy Korolevski, JFrog Security Researcher

Our team found and reported crypto packages that delivered known malware via a dependency, with a total of nearly 2K downloads

Published on November 11, 2025

Real Time Post

Big Red - Indonesian-based Self-replicating Malicious Spam Campaign detected in npm

Andrii Polkovnychenko, JFrog Security Researcher

Our team found a malicious cluster of about 80,000 self-replicating malware packages in the NPM registry. This report details the capabilities of the campaign and motivation behind it.

Published on November 11, 2025