OX Security

63 posts

@OX__Security

Creator of VibeSec, the first platform to stop insecure AI-generated code before it exists | Fastest growing leader in Application and Product Security.

Joined June 2024
0 Following, 60 Followers

OX Security (@OX__Security)
Big results, less distraction. @auditboard cut 98% of irrelevant AppSec alerts with OX
• 20–40 hours saved each week
• Up to $1M in cost avoidance
• Focused on real, reachable risks
Full case study 👇 ox.security/case-study-aud…

OX Security retweeted
Moshe Siman Tov Bustan (@MosheTov)
Time bomb techniques, obfuscation & encryption, targeting OS specific files and directories, crypto wallets, uses multi-stage decryption to execute each part of the attack in the right time... You can read our initial analysis on the @OX__Security blog: ox.security/blog/npm-worm-…

OX Security (@OX__Security)
The OX Research team has found vulnerabilities in four popular IDE Extensions – confirming IDEs are the weakest link in an organization's supply chain security, bearing low exploit and high risk. ox.security/blog/four-vuln…

OX Security (@OX__Security)
The @MunSecConf was a smashing success. Thank you to our amazing partners at the Economic and Trade Mission in Munich for the partnership and support throughout the delegation.

OX Security retweeted
Moshe Siman Tov Bustan (@MosheTov)
🚨 RCE ON vLLM! PATCH NOW! 🚨 A recently discovered vulnerability (CVE-2026-22778) in vLLM allows threat actors to send a malicious link to a vLLM service with the “video model” enabled in order to trigger an RCE, allowing complete takeover of the server! ox.security/blog/cve-2026-…

OX Security (@OX__Security)
Forbes quoted us. NBD. @realjoet cited our Army of Juniors report: AI code works, but lacks architectural judgment, prioritizes functionality over security, and the mythical 2 person LLM startup still does not exist. AI writes. Humans decide. forbes.com/sites/joetosca…

OX Security (@OX__Security)
@Attila387637616 @howfxr @Attila387637616 Hey, the pattern seems to match but this is a different campaign seemingly from a different actor, there's no use of C2 uploads, only the reported Base64 info sent to the remote server.

Attila (@Attila387637616)
@howfxr @OX__Security Have you guys seen .zst file uploads as part of this campaign? Pattern seems to match the research but this method is strange. Back from September to December.

OX Security retweeted
ㆅ (@howfxr)
A malware campaign involving two Chrome extensions that impersonate a legitimate AI sidebar tool has been reported, according to @OX__Security! The extensions allegedly stole ChatGPT and DeepSeek conversations and browsing data.

OX Security (@OX__Security)
New research drop 🚨 A critical flaw in DataEase lets attackers brute-force admin access using weak JWT secrets, putting enterprise BI environments at serious risk. High severity, widely used open source tool, real-world exposure. ox.security/blog/blog-data…

OX Security (@OX__Security)
Spoiler: The 2026 version has better aim. 🕸️ Guess what? Attackers aren't chasing new tricks. They’re optimizing the basics. On Jan 27th see exactly how they’re doing it (and what we are doing to stop them). Save your spot: ox.security/webinar/threat…

OX Security (@OX__Security)
Shift left sounds simple… until you actually try it. James Berthoty sat with us to talk about making security part of your coding flow, adding context, and ending up with better code without slowing you down. Watch the full conversation here: ox.security/webinar-regist…

OX Security (@OX__Security)
Is it 2015 again? Attackers aren’t chasing trends, they’re mastering the basics. In 2025, phishing, permissions, and supply chain leaks still win. Only difference: AI scales the same old playbook faster, while defenders chase buzzwords. Read more: thehackernews.com/2026/01/what-s…

OX Security (@OX__Security)
Attackers are upgrading. Again. 😅 We’ll look at the techniques gaining traction and some seriously cool findings from our research team. Most importantly, we're covering what you actually need to do about it all to keep secure. ox.security/webinar/threat…

OX Security (@OX__Security)
It be like that sometimes

OX Security retweeted
Shiv (@ishivtripathi)
@OX__Security discovered Two Chrome Extensions Caught Stealing ChatGPT and DeepSeek Chats from 900,000 Users
The names of the extensions, which collectively have over 900,000 users, are below -
Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI (ID: fnmihdojmnkclgjpcoonokmkhjpjechg, 600,000 users)
AI Sidebar with Deepseek, ChatGPT, Claude, and more. (ID: inhcgfpbfdjbjogdfjbclgolkmhnooop, 300,000 users)
Full Article: ox.security/blog/malicious…