Merge pull request #89 from jfrog/MAR-10284

MAR-10284 - Research add Real post

Author: danielleafrog

gridsome.config.js

@@ -27,6 +27,14 @@ module.exports = {
         remark: {},
       },
     },
+    {
+      use: "@gridsome/source-filesystem",
+      options: {
+        path: "post/**/*.md",
+        typeName: "realTimePost",
+        remark: {},
+      },
+    },
     {
       use: "@gridsome/plugin-sitemap",
     },

gridsome.server.js

@@ -71,7 +71,11 @@ module.exports = function(api) {
       const springShellPost = await axios.get(`https://jfrog.com/latest-springshell-posts`)
         const NpmToolsPost = await axios.get(`https://jfrog.com/latest-npmtools-posts`)
 
-      store.addMetadata("latestPostsJSON", JSON.stringify(data))
+        const post = data.map((post,imageIndex)=>{
+            post.img='/latest-posts-'+imageIndex+'.webp';
+            return post;
+        })
+      store.addMetadata("latestPostsJSON", JSON.stringify(post))
       store.addMetadata("latestCVEPostsJSON", JSON.stringify(CVEPost.data))
       store.addMetadata("latestLog4ShellPostsJSON", JSON.stringify(Log4shellPost.data))
       store.addMetadata("latestSpringShellPostsJSON", JSON.stringify(springShellPost.data))
@@ -95,6 +99,13 @@ module.exports = function(api) {
           platform: String
           downloads_text: String
           cvss: String
+          tag: String
+          img: String
+          excerpt: String
+          minutes: String
+          date: Date
+
+
         }
       `)
     }

post/funding-for-mitre-restored-following-policy-reassessment.md

@@ -0,0 +1,19 @@
+---
+excerpt: Our security research team has discovered a harmful PyTorch model on @huggingface, identified as dtonala/DeepSeek-R2, which is delivering the XMRig cryptominer as its payload. This poses a significant threat, particularly considering the popularity of DeepSeek-R1 and the beta
+title: Malicious DeepSeek‑R2 PyTorch Model Discovered Hosting XMRig Miner
+date: "July 23, 2024"
+description: "Or Peles,  JFrog Senior Security Researcher"
+tag: "Real Time Post"
+img: /img/RealTimePostImage/malicious-deepseek‑r2-pytorch-model-discovered-hosting-xmrig-miner.png
+type: realTimePost
+minutes: '12'
+
+
+---
+
+
+Our security research team has discovered a harmful PyTorch model on [@huggingface](https://x.com/huggingface), identified as **dtonala/DeepSeek-R2**, which is delivering the **XMRig cryptominer** as its payload. This poses a significant threat, particularly considering the popularity of DeepSeek-R1 and the beta status of DeepSeek-R2, which could allow attackers to take advantage of user trust and distribute a model that conceals a crypto miner download. Users who are unaware and enthusiastic about trying out DeepSeek-R2 may fall victim to this threat. Notably, the malicious model is in PyTorch format, contrasting with the official DeepSeek models, which utilize the safetensors format.
+
+
+
+![](/img/RealTimePostImage/post/malicious-deepseek‑r2-pytorch-model-discovered-hosting-xmrig-miner-post.png)

src/assets/img/home-page/LatestSecurity.svg

@@ -0,0 +1,42 @@
+<template>
+  <a
+      class="hover:text-jfrog-green transition-all"
+      :class="passedClass"
+      href="#"
+      @click.prevent="goBack()"
+  >
+    < Back
+  </a>
+</template>
+
+<script>
+export default {
+  methods: {
+    goBack() {
+      // Get the referrer URL
+      const referrer = document.referrer;
+
+      if (!referrer || window.history.length <= 1) {
+        this.$router.push('/post/');
+        return;
+      }
+
+      const referrerUrl = new URL(referrer);
+
+      const currentHostname = window.location.hostname;
+
+      if (referrerUrl.hostname === currentHostname) {
+        window.history.back();
+      } else {
+        this.$router.push('/post/');
+      }
+    }
+  },
+  props: {
+    passedClass: {
+      type: String,
+      default: ''
+    }
+  }
+}
+</script>

src/components/BackButtonPost.vue

@@ -13,7 +13,7 @@
             :link="link"
           />
         </div>
-        <div class="bottom mt-5 mb-4">
+        <div v-if="dateString" class="bottom mt-5 mb-4">
           Last updated on <span class="font-bold">{{dateString}}</span>
         </div>
       </div>
@@ -62,18 +62,18 @@ export default {
     },
     date: {
       type: String,
-      default() {
-        return new Date()
-      }
     },
   },
   computed: {
     dateString: function () {
+      if(this.date){
       const d = new Date(this.date)
       const dayOfMonth = d.getDate()
       const monthName = d.toLocaleString('en-US', {month: 'short'})
       const year = d.getFullYear()
       return `${dayOfMonth} ${monthName}. ${year}`
+      }
+      return ''
     }
   },
   components: {
@@ -86,6 +86,7 @@ export default {
   @import './../assets/style/variables';
   .sr-banner {
     background-image: url(~@/assets/img/backgrounds/banner-bg.webp);
+
     .number {
       font-size: 42px;
       font-weight: 700;
@@ -101,6 +102,10 @@ export default {
     }
     @media (min-width: #{$md}) {
       max-width: 243px;
+      min-height: 153px;
+      display: flex;
+      align-items: center;
+      justify-content: center;
     }
     @media (max-width: #{$md}) {
       width: 343px;

src/components/Banner.vue

@@ -62,7 +62,6 @@ export default {
     }, //object
     bannerDate: {
       type: String,
-      default: '01-01-2011'
     },
     gaa: {
       type: String,

src/components/ListAndBanner.vue

@@ -0,0 +1,131 @@
+<template>
+  <a
+      class=" block h-full single-post-preview"
+      :href="postObj.path"
+      target="_self"
+      rel=""
+      data-gac="Links back to JFrog"
+      data-gaa="Latest Security Blog"
+      :data-gal="`${postObj.title} | ${postObj.path}`"
+  >
+    <div class="image">
+
+      <picture>
+        <source
+            :srcset="`${postObj.img}`"
+            type="image/webp"
+        >
+        <img
+            :alt="postObj.title"
+            :srcset="`${postObj.img}`"
+            class="object-contain"
+            height="201"
+            width="148"
+        />
+      </picture>
+
+    </div>
+    <div>
+      <div class="text-xs font-weight-500  green-dark mt-5 lg:mt-0 mb-2" v-html="postObj.tag"> </div>
+      <div class="text-lg font-weight-500 leading-6 text-black  " v-html="postObj.title"> </div>
+      <div class="text-xs  text-black mt-3 mb-3" v-html="postObj.description"> </div>
+      <p class="text-md text-black"> {{postObj.excerpt}} </p>
+      <div class="latest-published mt-3">
+        <div class=" text-right text-black text-xs leading-none py-1">Published on <b>{{postObj.date}}</b> </div>
+      </div>
+    </div>
+  </a>
+</template>
+
+<script>
+
+import {toBlogDateStr,} from '~/js/functions'
+
+export default {
+  props: {
+    postObj: {
+      type: Object,
+      default() {
+        return {
+          path: '1',
+          title: 'Post Title Here',
+          description: 'Post Description Here',
+          date: '15',
+          img: 'sec-blog-img-1.png',
+          tag: 'realtime',
+
+        }
+      }
+    },
+
+  },
+  computed:{
+
+    dateString() {
+      return toBlogDateStr(this.postObj.date)
+    },
+  }
+}
+</script>
+
+<style lang="scss">
+@import './../assets/style/variables';
+
+
+
+.font-weight-500{
+  font-weight: 500;
+}
+.latest-published{
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+}
+.image img{
+
+  width: 100%;
+  height: auto;
+  @media (min-width: #{$md}){
+    width: 203px;
+    height: 148px;
+    object-fit: cover;
+
+  }
+}
+
+.green-dark{
+  color: #008A09;
+}
+
+.single-post-preview {
+
+  display: grid;
+  grid-template-columns: 201px 1fr;
+  column-gap: 22px;
+  max-width: 100%;
+  position: relative;
+  padding-bottom: 24px;
+  padding-top: 24px;
+
+  @media (min-width: #{$md}){
+    padding-bottom: 24px;
+    padding-top: 24px;
+    width: 750px;
+    &:after{
+      content: "";
+      width: 100%;
+      position: absolute;
+      left: 0;
+      bottom: 0;
+      height: 1px;
+      background-color: #9CA3AF;
+
+    }
+  }
+  @media (max-width: #{$md}) {
+    width: 100%;
+    grid-template-columns: 100%;
+  }
+}
+
+</style>

src/components/RealTimePostItem.vue

@@ -0,0 +1,70 @@
+<template>
+  <div>
+    <ul
+      class="block"
+    >
+      <component
+        :is="RealTimePostItem"
+        v-for="edge in $static.RealTimePost.edges"
+        :key="edge.node.id"
+        :postObj="edge.node"
+      />
+    </ul>
+
+
+  </div>
+
+
+
+</template>
+
+<static-query>
+query realTimePostsMain {
+RealTimePost: allRealTimePost (
+sortBy: "date",
+order: DESC,
+limit: 4
+filter: {
+type: {eq: "realTimePost" }
+}
+){
+edges {
+node {
+description
+title
+date
+type
+excerpt
+tag
+img
+path
+}
+}
+}
+}
+</static-query>
+
+
+<script>
+import RealTimePostItem from './RealTimePostItem.vue'
+export default {
+  name: 'RealTimePostList',
+  data() {
+    return {
+      RealTimePostItem: RealTimePostItem
+    }
+  },
+  metaInfo: {
+    title: "Security Research",
+    meta: [
+      {
+        name: "description",
+        content: "Cutting Edge Security Research to Protect the Modern Software Supply Chain",
+      },
+    ],
+  },
+  components: {
+    RealTimePostItem: RealTimePostItem
+  }
+}
+</script>