Vulnerability Insights

April 30, 2026

8.3M Downloads Compromised: Lightning & Intercom-Client Infected in Latest Shai-Hulud Attack

By Moshe Siman Tov Bustan&Nir Zadok

April 29, 2026

Shai-Hulud Hits SAP: Stolen Credentials Found in 1,200 GitHub Repos

By Moshe Siman Tov Bustan&Nir Zadok

April 27, 2026

Flowise (CVE-2026-40933) & Upsonic (CVE-2026-30625): What to do when best practice isn’t enough? 

By Moshe Siman Tov Bustan

April 23, 2026

Shai-Hulud: The Third Coming — Bitwarden CLI Backdoored in Latest Supply Chain Campaign

By Moshe Siman Tov Bustan&Nir Zadok

April 20, 2026

Supply Chain Attack Hits Vercel: User Data is Being Sold on BreachForums For $2M

By Moshe Siman Tov Bustan&Nir Zadok

April 15, 2026

The Mother of All AI Supply Chains: Critical, Systemic Vulnerability at the Core of Anthropic’s MCP

By Moshe Siman Tov Bustan,Mustafa Naamnih,Nir Zadok&Roni Bar

April 15, 2026

MCP Supply Chain Advisory: RCE Vulnerabilities Across the AI Ecosystem

By Moshe Siman Tov Bustan,Mustafa Naamnih&Nir Zadok

March 31, 2026

Axios Compromised With A Malicious Dependency

By Moshe Siman Tov Bustan&Nir Zadok

March 30, 2026

TeamPCP’s Telnyx Windows Malware: Technical Analysis

By Moshe Siman Tov Bustan&Nir Zadok

March 27, 2026

Telnyx Malware: TeamPCP Strikes Again Following LiteLLM Compromise

By Moshe Siman Tov Bustan

March 24, 2026

LiteLLM PyPI Malware Steals Cloud, Crypto, Slack, and Discord Keys

By Moshe Siman Tov Bustan&Aviad Levy

March 24, 2026

Known, Unpatched, Exploitable: Redash’s Python Sandbox Escape Gives Attackers Full Server Access

By Nir Zadok,Eyal Paz&Moshe Siman Tov Bustan