CVE

May 27, 2026

The CVE Is Dead. Long live the Mythos Era.

• 

Neatsun Ziv

May 25, 2026

From Auth Bypass to RCE: A 4-Vulnerability Exploit Chain in DataEase

• 
• 

Nir Zadok, Moshe Siman Tov Bustan

May 14, 2026

From Prompt to Runtime: Four Ways to Find NGINX Rift (CVE-2026-42945) with OX Security

• 
• 

Moshe Siman Tov Bustan, Sagiv Peer

May 12, 2026

Shai-Hulud Goes Open Source: Malware Creators Leak Their Own Code to GitHub

• 

Moshe Siman Tov Bustan

May 12, 2026

CVE-2025-65719: Critical RCE in Kubectl MCP Server

• 
• 

Moshe Siman Tov Bustan, Nir Zadok

May 12, 2026

New MCP Security Flaws: Kubectl-mcp-server, Archon OS, and MarkItDown Vulnerabilities

• 
• 

Moshe Siman Tov Bustan, Nir Zadok

April 27, 2026

Flowise (CVE-2026-40933) & Upsonic (CVE-2026-30625): What to do when best practice isn’t enough? 

• 

Moshe Siman Tov Bustan

April 24, 2026

Securing the AI Supply Chain: How OX VibeSec Defends Against Anthropic MCP Vulnerability

• 
• 
• 

Mustafa Naamnih, Bar Azouri, Matan Feller

April 15, 2026

The Mother of All AI Supply Chains: Critical, Systemic Vulnerability at the Core of Anthropic’s MCP

• 
• 
• 
• 

Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok, Roni Bar

April 15, 2026

The Mother of All AI Supply Chains: Technical Deep Dive

• 
• 
• 

Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok

April 15, 2026

MCP Supply Chain Advisory: RCE Vulnerabilities Across the AI Ecosystem

• 
• 
• 

Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok

March 24, 2026

Critical Access Control Flaw in Apache Superset Exposes Sensitive Data to Unauthorized Users

• 
• 
• 

Nir Zadok, Eyal Paz, Moshe Siman Tov Bustan