eladbeber
@sec:~
research
blog
talks
ctf
about
◐
Blog
2026-07-01
The Pipe That Trusted Everyone ↗
OpenAI
2026-06-17
CVE-2026-35603: One Writable Folder, Every User Compromised ↗
Anthropic
Cursor
OpenAI
Google
2026-06-04
When a Web Search Becomes a Backdoor: RCE in Codex CLI via Prompt Injection ↗
OpenAI
2026-06-04
When AI Tools Become the Backdoor: Zero-Click RCE via Prompt Injection ↗
Amazon
Cursor
GitHub
Google
OpenAI
2026-05-06
CVE-2025-64669: Uncovering Local Privilege Escalation in Windows Admin Center ↗
Microsoft
2026-05-06
CVE-2026-32196: One-Click RCE via Windows Admin Center Control Flow Hijacking ↗
Microsoft
2026-05-03
The Race to Ship AI Tools Left Security Behind. Part 1: Sandbox Escape ↗
Anthropic
Google
OpenAI
2026-03-17
Uncovered: Improper Attestation Signature Validation in Windows Admin Center ↗
Microsoft
2025-08-04
InversePrompt: Turning Claude Against Itself, One Prompt at a Time ↗
Anthropic
2025-07-02
EscapeRoute: Breaking the Scope of Anthropic's Filesystem MCP Server ↗
Anthropic
2025-04-08
Path Traversal in AWS SSM Agent's Plugin ID Validation ↗
Amazon
2024-08-15
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD ↗
Microsoft
2022-09-08
How Cymulate Discovered an Abuse Risk in Google Cloud Platform ↗
Google