CVE

May 14, 2026

From Prompt to Runtime: Four Ways to Find NGINX Rift (CVE-2026-42945) with OX Security

• 
• 

Moshe Siman Tov Bustan, Sagiv Peer

May 12, 2026

Shai-Hulud Goes Open Source: Malware Creators Leak Their Own Code to GitHub

• 

Moshe Siman Tov Bustan

May 12, 2026

CVE-2025-65719: Critical RCE in Kubectl MCP Server

• 
• 

Moshe Siman Tov Bustan, Nir Zadok

May 12, 2026

New MCP Security Flaws: Kubectl-mcp-server, Archon OS, and MarkItDown Vulnerabilities

• 
• 

Moshe Siman Tov Bustan, Nir Zadok

April 27, 2026

Flowise (CVE-2026-40933) & Upsonic (CVE-2026-30625): What to do when best practice isn’t enough? 

• 

Moshe Siman Tov Bustan

April 24, 2026

Securing the AI Supply Chain: How OX VibeSec Defends Against Anthropic MCP Vulnerability

• 
• 
• 

Mustafa Naamnih, Bar Azouri, Matan Feller

April 15, 2026

The Mother of All AI Supply Chains: Critical, Systemic Vulnerability at the Core of Anthropic’s MCP

• 
• 
• 
• 

Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok, Roni Bar

April 15, 2026

The Mother of All AI Supply Chains: Technical Deep Dive

• 
• 
• 

Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok

April 15, 2026

MCP Supply Chain Advisory: RCE Vulnerabilities Across the AI Ecosystem

• 
• 
• 

Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok

March 24, 2026

Critical Access Control Flaw in Apache Superset Exposes Sensitive Data to Unauthorized Users

• 
• 
• 

Nir Zadok, Eyal Paz, Moshe Siman Tov Bustan

March 10, 2026

CVE-2025-11158: Critical RCE Found in Widely-Deployed Pentaho Platform, Putting Enterprise BI at Risk  

• 
• 
• 

Nir Zadok, Eyal Paz, Moshe Siman Tov Bustan

March 3, 2026

Mail2Shell – CVE-2026-28289: New Zero-Click RCE On FreeScout

• 
• 

Moshe Siman Tov Bustan, Nir Zadok