Research

April 30, 2026

8.3M Downloads Compromised: Lightning & Intercom-Client Infected in Latest Shai-Hulud Attack

By Moshe Siman Tov Bustan&Nir Zadok

April 29, 2026

Shai-Hulud Hits SAP: Stolen Credentials Found in 1,200 GitHub Repos

By Moshe Siman Tov Bustan&Nir Zadok

April 27, 2026

Flowise (CVE-2026-40933) & Upsonic (CVE-2026-30625): What to do when best practice isn’t enough? 

By Moshe Siman Tov Bustan

April 24, 2026

Securing the AI Supply Chain: How OX VibeSec Defends Against Anthropic MCP Vulnerability

By Mustafa Naamnih,Bar Azouri&Matan Feller

April 23, 2026

Shai-Hulud: The Third Coming — Bitwarden CLI Backdoored in Latest Supply Chain Campaign

By Moshe Siman Tov Bustan&Nir Zadok

April 22, 2026

Xinference allegedly hacked by TeamPCP, Malicious Package In PyPi

By Moshe Siman Tov Bustan

April 20, 2026

Supply Chain Attack Hits Vercel: User Data is Being Sold on BreachForums For $2M

By Moshe Siman Tov Bustan&Nir Zadok

April 15, 2026

The Mother of All AI Supply Chains: Technical Deep Dive

By Moshe Siman Tov Bustan,Mustafa Naamnih&Nir Zadok

April 15, 2026

The Mother of All AI Supply Chains: Critical, Systemic Vulnerability at the Core of Anthropic’s MCP

By Moshe Siman Tov Bustan,Mustafa Naamnih,Nir Zadok&Roni Bar

April 15, 2026

MCP Supply Chain Advisory: RCE Vulnerabilities Across the AI Ecosystem

By Moshe Siman Tov Bustan,Mustafa Naamnih&Nir Zadok

March 31, 2026

Axios Compromised With A Malicious Dependency

By Moshe Siman Tov Bustan&Nir Zadok

March 30, 2026

TeamPCP’s Telnyx Windows Malware: Technical Analysis

By Moshe Siman Tov Bustan&Nir Zadok