May 12, 2026 Shai-Hulud Goes Open Source: Malware Creators Leak Their Own Code to GitHub Moshe Siman Tov Bustan
May 12, 2026 “Shai-Hulud, Here We Go Again”: 170+ Packages Hit Across npm & PyPi Moshe Siman Tov Bustan
April 30, 2026 8.3M Downloads Compromised: Lightning & Intercom-Client Infected in Latest Shai-Hulud Attack Moshe Siman Tov Bustan, Nir Zadok
April 29, 2026 Shai-Hulud Hits SAP: Stolen Credentials Found in 1,200 GitHub Repos Moshe Siman Tov Bustan, Nir Zadok
April 27, 2026 Flowise (CVE-2026-40933) & Upsonic (CVE-2026-30625): What to do when best practice isn’t enough? Moshe Siman Tov Bustan
April 24, 2026 Securing the AI Supply Chain: How OX VibeSec Defends Against Anthropic MCP Vulnerability Mustafa Naamnih, Bar Azouri, Matan Feller
April 23, 2026 Shai-Hulud: The Third Coming — Bitwarden CLI Backdoored in Latest Supply Chain Campaign Moshe Siman Tov Bustan, Nir Zadok
April 20, 2026 Supply Chain Attack Hits Vercel: User Data is Being Sold on BreachForums For $2M Moshe Siman Tov Bustan, Nir Zadok
March 30, 2026 TeamPCP’s Telnyx Windows Malware: Technical Analysis Moshe Siman Tov Bustan, Nir Zadok
March 24, 2026 LiteLLM PyPI Malware Steals Cloud, Crypto, Slack, and Discord Keys Moshe Siman Tov Bustan, Aviad Levy
March 24, 2026 Known, Unpatched, Exploitable: Redash’s Python Sandbox Escape Gives Attackers Full Server Access Nir Zadok, Eyal Paz, Moshe Siman Tov Bustan
