May 12, 2026 Shai-Hulud Goes Open Source: Malware Creators Leak Their Own Code to GitHub Moshe Siman Tov Bustan
May 12, 2026 CVE-2025-69443: Archon OS Vulnerable To Unauthenticated Web-To-Client Attack Moshe Siman Tov Bustan, Nir Zadok
May 12, 2026 MarkItDown MCP Exposes Developer Machines to File Theft Moshe Siman Tov Bustan, Nir Zadok
May 12, 2026 New MCP Security Flaws: Kubectl-mcp-server, Archon OS, and MarkItDown Vulnerabilities Moshe Siman Tov Bustan, Nir Zadok
May 12, 2026 “Shai-Hulud, Here We Go Again”: 170+ Packages Hit Across npm & PyPi Moshe Siman Tov Bustan
April 30, 2026 8.3M Downloads Compromised: Lightning & Intercom-Client Infected in Latest Shai-Hulud Attack Moshe Siman Tov Bustan, Nir Zadok
April 29, 2026 Shai-Hulud Hits SAP: Stolen Credentials Found in 1,200 GitHub Repos Moshe Siman Tov Bustan, Nir Zadok
April 27, 2026 Flowise (CVE-2026-40933) & Upsonic (CVE-2026-30625): What to do when best practice isn’t enough? Moshe Siman Tov Bustan
April 23, 2026 Shai-Hulud: The Third Coming — Bitwarden CLI Backdoored in Latest Supply Chain Campaign Moshe Siman Tov Bustan, Nir Zadok
April 20, 2026 Supply Chain Attack Hits Vercel: User Data is Being Sold on BreachForums For $2M Moshe Siman Tov Bustan, Nir Zadok
April 15, 2026 The Mother of All AI Supply Chains: Critical, Systemic Vulnerability at the Core of Anthropic’s MCP Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok, Roni Bar
