May 14, 2026 From Prompt to Runtime: Four Ways to Find NGINX Rift (CVE-2026-42945) with OX Security Moshe Siman Tov Bustan, Sagiv Peer
May 12, 2026 Shai-Hulud Goes Open Source: Malware Creators Leak Their Own Code to GitHub Moshe Siman Tov Bustan
May 12, 2026 New MCP Security Flaws: Kubectl-mcp-server, Archon OS, and MarkItDown Vulnerabilities Moshe Siman Tov Bustan, Nir Zadok
May 12, 2026 MarkItDown MCP Exposes Developer Machines to File Theft Moshe Siman Tov Bustan, Nir Zadok
May 12, 2026 CVE-2025-69443: Archon OS Vulnerable To Unauthenticated Web-To-Client Attack Moshe Siman Tov Bustan, Nir Zadok
May 12, 2026 “Shai-Hulud, Here We Go Again”: 170+ Packages Hit Across npm & PyPi Moshe Siman Tov Bustan
April 30, 2026 8.3M Downloads Compromised: Lightning & Intercom-Client Infected in Latest Shai-Hulud Attack Moshe Siman Tov Bustan, Nir Zadok
April 29, 2026 Shai-Hulud Hits SAP: Stolen Credentials Found in 1,200 GitHub Repos Moshe Siman Tov Bustan, Nir Zadok
April 27, 2026 Flowise (CVE-2026-40933) & Upsonic (CVE-2026-30625): What to do when best practice isn’t enough? Moshe Siman Tov Bustan
April 24, 2026 Securing the AI Supply Chain: How OX VibeSec Defends Against Anthropic MCP Vulnerability Mustafa Naamnih, Bar Azouri, Matan Feller
