<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Elad Beber — Security Research</title><description>Vulnerability research across cloud, AI coding tools and Windows — reverse engineering, exploit development and coordinated disclosure.</description><link>https://eladbeber.com/</link><item><title>The Pipe That Trusted Everyone</title><link>https://cymulate.com/blog/openai-codex-cli-named-pipe-vulnerability/</link><guid isPermaLink="true">https://cymulate.com/blog/openai-codex-cli-named-pipe-vulnerability/</guid><description>A named-pipe local-trust vulnerability in OpenAI&apos;s Codex CLI.</description><pubDate>Wed, 01 Jul 2026 00:00:00 GMT</pubDate></item><item><title>CVE-2026-35603: One Writable Folder, Every User Compromised</title><link>https://cymulate.com/blog/cve-2026-35603-ai-coding-tools-privilege-escalation/</link><guid isPermaLink="true">https://cymulate.com/blog/cve-2026-35603-ai-coding-tools-privilege-escalation/</guid><description>Privilege escalation in AI coding tools — a single writable folder compromises every user. Coordinated disclosure with CVE assignment.</description><pubDate>Wed, 17 Jun 2026 00:00:00 GMT</pubDate></item><item><title>When a Web Search Becomes a Backdoor: RCE in Codex CLI via Prompt Injection</title><link>https://cymulate.com/blog/codex-cli-rce-prompt-injection-mitigations/</link><guid isPermaLink="true">https://cymulate.com/blog/codex-cli-rce-prompt-injection-mitigations/</guid><description>Remote code execution in OpenAI Codex CLI via prompt injection and binary hijacking on Windows.</description><pubDate>Thu, 04 Jun 2026 00:00:00 GMT</pubDate></item><item><title>When AI Tools Become the Backdoor: Zero-Click RCE via Prompt Injection</title><link>https://cymulate.com/blog/zero-click-rce-prompt-injection-ai-tools/</link><guid isPermaLink="true">https://cymulate.com/blog/zero-click-rce-prompt-injection-ai-tools/</guid><description>Zero-click remote code execution in AI tools through prompt injection.</description><pubDate>Thu, 04 Jun 2026 00:00:00 GMT</pubDate></item><item><title>CVE-2025-64669: Uncovering Local Privilege Escalation in Windows Admin Center</title><link>https://cymulate.com/blog/cve-2025-64669-windows-admin-center/</link><guid isPermaLink="true">https://cymulate.com/blog/cve-2025-64669-windows-admin-center/</guid><description>A local privilege escalation flaw in Windows Admin Center caused by insecure directory permissions, exploitable via extension uninstall abuse or DLL hijacking to reach SYSTEM.</description><pubDate>Wed, 06 May 2026 00:00:00 GMT</pubDate></item><item><title>CVE-2026-32196: One-Click RCE via Windows Admin Center Control Flow Hijacking</title><link>https://cymulate.com/blog/cve-2026-32196-one-click-rce-windows-admin-center/</link><guid isPermaLink="true">https://cymulate.com/blog/cve-2026-32196-one-click-rce-windows-admin-center/</guid><description>Chained Windows Admin Center vulnerabilities allowing administrator-level remote code execution from a single malicious URL click, on Azure and on-prem deployments.</description><pubDate>Wed, 06 May 2026 00:00:00 GMT</pubDate></item><item><title>The Race to Ship AI Tools Left Security Behind. Part 1: Sandbox Escape</title><link>https://cymulate.com/blog/the-race-to-ship-ai-tools-left-security-behind-part-1-sandbox-escape/</link><guid isPermaLink="true">https://cymulate.com/blog/the-race-to-ship-ai-tools-left-security-behind-part-1-sandbox-escape/</guid><description>How the rush to ship AI coding tools left sandbox-escape vulnerabilities behind.</description><pubDate>Sun, 03 May 2026 00:00:00 GMT</pubDate></item><item><title>Uncovered: Improper Attestation Signature Validation in Windows Admin Center</title><link>https://cymulate.com/blog/improper-attestation-validation-windows-admin-center/</link><guid isPermaLink="true">https://cymulate.com/blog/improper-attestation-validation-windows-admin-center/</guid><description>An improper attestation signature validation flaw in Microsoft Windows Admin Center.</description><pubDate>Tue, 17 Mar 2026 00:00:00 GMT</pubDate></item><item><title>InversePrompt: Turning Claude Against Itself, One Prompt at a Time</title><link>https://cymulate.com/blog/cve-2025-547954-54795-claude-inverseprompt/</link><guid isPermaLink="true">https://cymulate.com/blog/cve-2025-547954-54795-claude-inverseprompt/</guid><description>Write-up of CVE-2025-54794 and CVE-2025-54795 in Anthropic Claude Code.</description><pubDate>Mon, 04 Aug 2025 00:00:00 GMT</pubDate></item><item><title>EscapeRoute: Breaking the Scope of Anthropic&apos;s Filesystem MCP Server</title><link>https://cymulate.com/blog/cve-2025-53109-53110-escaperoute-anthropic/</link><guid isPermaLink="true">https://cymulate.com/blog/cve-2025-53109-53110-escaperoute-anthropic/</guid><description>Write-up of CVE-2025-53109 and CVE-2025-53110 in the Anthropic Filesystem MCP Server.</description><pubDate>Wed, 02 Jul 2025 00:00:00 GMT</pubDate></item><item><title>Path Traversal in AWS SSM Agent&apos;s Plugin ID Validation</title><link>https://cymulate.com/blog/aws-ssm-agent-plugin-id-path-traversal/</link><guid isPermaLink="true">https://cymulate.com/blog/aws-ssm-agent-plugin-id-path-traversal/</guid><description>A path traversal vulnerability in the AWS SSM Agent, patched after coordinated disclosure. Covered by The Hacker News.</description><pubDate>Tue, 08 Apr 2025 00:00:00 GMT</pubDate></item><item><title>Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD</title><link>https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/</link><guid isPermaLink="true">https://cymulate.com/blog/exploiting-pta-credential-validation-in-azure-ad/</guid><description>Azure AD / Entra ID pass-through authentication research. MSRC Hall of Fame, August 2024. Covered by Forbes and The Hacker News.</description><pubDate>Thu, 15 Aug 2024 00:00:00 GMT</pubDate></item><item><title>How Cymulate Discovered an Abuse Risk in Google Cloud Platform</title><link>https://cymulate.com/blog/cymulate-risk-google-cloud/</link><guid isPermaLink="true">https://cymulate.com/blog/cymulate-risk-google-cloud/</guid><description>A path traversal / command injection abuse path in the GCP google-guest-agent.</description><pubDate>Thu, 08 Sep 2022 00:00:00 GMT</pubDate></item></channel></rss>