NEWS

Fluent Bit vulnerabilities could enable full cloud takeover

Flaws in Fluent Bit could let attackers inject fake logs, reroute telemetry, and execute arbitrary code across cloud platforms.

Oligo report uncovers critical Fluent Bit flaws exposing cloud workloads

A new report out today from Oligo Cyber Security Ltd. details a new chain of five critical vulnerabilities in the widely deployed open-source logging agent Fluent Bit that exposes cloud environments to remote takeover.

Years-old bugs in open source tool left every major cloud open to disruption

A series of "trivial-to-exploit" vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain to completely disrupt cloud services and alter data.

Oligo delivers runtime-native security for models and agents

Oligo Security announced new capabilities to protect the broadest spectrum of AI deployments, including AI applications, LLMs, and agentic AI. The new platform modules address the largest blind spot in AI security by securing production AI technologies that remain largely ungoverned, unmonitored, and operating in real time.

Oligo Extends Runtime Protection Platform to Protect AI Apps, Models, and Agents

Industry-first capabilities give customers the visibility and control to securely drive innovation with emerging AI technologies

Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign

Threat actors are abusing Ray’s lack of authentication to compromise exposed clusters and deploy LLM-generated payloads and cryptocurrency miners.

New ShadowRay attacks convert Ray clusters into crypto miners

A global campaign dubbed ShadowRay 2.0 hijacks exposed Ray Clusters by exploiting an old code execution flaw to turn them into a self-propagating cryptomining botnet.

Hackers turn open-source AI framework into global cryptojacking operation

Malicious hackers have been attacking the development environment of an open-source AI framework, twisting its functions into a global cryptojacking bot for profit, according to researchers at cybersecurity firm Oligo.

Copy-paste vulnerability hits AI inference frameworks at Meta, Nvidia, and Microsoft

Flaws replicated from Meta’s Llama Stack to Nvidia TensorRT-LLM, vLLM, SGLang, and others, exposing enterprise AI stacks to systemic risk.

Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks

Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI) inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang.

Oligo Security Named to the Fortune Cyber 60 List for Second Consecutive Year

Recognition highlights Oligo’s leadership in runtime security for applications, cloud, workloads, and AI

Oligo Security Recognized as a 2025 SINET16 Innovator for Revolutionizing Runtime Security

Award highlights Oligo’s leading platform that delivers runtime security for applications, cloud, workloads, and AI

Apple CarPlay RCE Exploit Left Unaddressed in Most Cars

Even when a vulnerability is serious and a fix is available, actually securing cars is more difficult than one would hope.

Remote CarPlay Hack Puts Drivers at Risk of Distraction and Surveillance

Oligo Security has shared details on an Apple CarPlay attack that hackers may be able to launch without any interaction.

New Application Attack Matrix Helps Security Teams Tackle Cloud App Threats at the Source

Application-layer attacks are rising fast, but most security frameworks still focus on infrastructure. That mismatch leaves a blind spot in how modern threats actually unfold.

New Application Attack Matrix Establishes Industry Standard for Protecting Modern Cloud Applications

Collaboration with world-renowned cyber leaders yields a timely framework for how attackers target modern enterprise applications

Oligo Security strives to fill application-layer gaps in MITRE ATT&CK framework

Application Attack Matrix is a community effort designed to help defenders and organizations better understand and define how attackers use and exploit weaknesses in applications.

Security experts flag another worrying issue with Anthropic AI systems

Experts uncover way to run malicious code on devices remotely

Critical Vulnerability in Anthropic's MCP Exposes Developer Machines to Remote Exploits

Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol (MCP) Inspector project that could result in remote code execution (RCE) and allow an attacker to gain complete access to the hosts.

The 10 Hottest Cybersecurity Startups Of 2025 (So Far)

Oligo Security offers an application detection and response platform that aims to deliver enhanced visibility and a better picture of the true security risk in software. Key capabilities include “deep” inspection into applications at runtime, providing a real-time view into libraries and function-level activity, according to the company. In January, Oligo Security announced raising a $50 million Series B funding round led by Greenfield Partners.

If you use Apple AirPlay, you need to update your device and take these steps

A cybersecurity firm identified a number of vulnerabilities and brought them to Apple's attention.

23 Apple AirPlay Vulnerabilities ‘Could Have Far-Reaching Impacts’

The so-called “AirBorne” flaws enable zero-click attacks and device takeover on local networks.

Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks

​A set of security vulnerabilities in Apple's AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution.

AirPlay security flaws could help hackers spread malware on your network

Security researchers say the bugs could let hackers compromise your home network — or your CarPlay system.

Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi

Researchers reveal a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as a third-party AirPlay-enabled device to surreptitiously run their own code on it.

Oligo Security Appoints Brandon Conley as Chief Revenue Officer and Alberto Rodrigues as Chief Customer Officer

Former Palo Alto Networks and Armis executives step into new roles to help Oligo navigate next stage of hyper growth, meet increased demand for ADR platform

Oligo Security Raises $50M to Tackle App Detection, Response

A startup founded by a former Israeli Military Intelligence leader raised $50 million to help protect applications in a world increasingly dependent on software.

Oligo Security raises $50M for its eBPF-powered application security platform

Cybersecurity startup Oligo Security Ltd. today announced that it has closed a $50 million funding round led by Greenfield Partners.

Meta Llama LLM security flaw could let hackers easily breach systems and spread malware

Meta's Llama Large Language Model (LLM) had a vulnerability which could have allowed threat actors to execute arbitrary code on the flawed server, experts have warned.

Severe Meta Llama issue risks RCE in AI systems

Artificial intelligence systems could be targeted with remote code execution intrusions through the exploitation of the now-addressed high-severity Meta Llama large language model framework vulnerability, tracked as CVE-2024-50050.

A pickle in Meta’s LLM code could allow RCE attacks

AI frameworks, including Meta’s Llama, are prone to automatic Python deserialization by pickle that could lead to remote code execution.

Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

A high-severity security flaw has been disclosed in Meta's Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server.

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning

SC Award Winners 2024 – Best Supply Chain Security Solution

Oligo Security has claimed the prestigious Best Supply Chain Security Solution award at the 2024 SC Awards, recognizing its revolutionary Oligo Application Defense Platform.

Oligo has been recognized as one of the "Top 21 Startups for 2024" (Hebrew)

Oligo Security secures applications by seeing deeper. We have brought together some of the best minds in the world to collaborate full-time on our mission.

Oligo Security Announces Mike O’Malley as Chief Marketing Officer

As it continues to rapidly accelerate growth in the market, Oligo Security, the leading runtime application security and observability platform, today announced the appointment of Mike O’Malley as Chief Marketing Officer (CMO).

Massive security flaw puts most popular browsers at risk on Mac

Hackers are already flooding browsers with malware and phishing links, and now researchers have discovered a vulnerability that gives them direct access to services on your laptop.

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices

Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks.

Hackers Have Exploited An 18-Year-Old ‘0.0.0.0-Day’ Loophole In Safari, Chrome And Firefox

Weaknesses in Chrome, Firefox and Safari gave hackers a route into internal networks, even those protected by firewalls, security researchers warn.

Israeli startups dominate promising cyber companies list

The list, selected by Chief Information Security Officers (CISOs), security leaders, and startup investors, includes 30 companies in total, 11 of which are Israeli-founded. Gomboc, Oligo, and Wing were named among the 10 early-stage companies

Building AI on a Foundation of Open Source Requires a Fundamentally New Approach to Application Security

AI has sprung from the pages of science fiction into our daily lives. The AI revolution is now accelerating, enabled by open-source software (OSS) models. These models are complex packages of open-source code made specifically for developing AI, allowing organizations to deploy AI models efficiently and at scale.

The Oligo Brothers: The Cyber ​​Startup That Defends Open Source (Hebrew)

They are only 28 years old, but their startup already employs 60 people and has raised about $30 million

Thousands of servers hacked in ongoing attack targeting Ray AI framework

Thousands of servers storing AI workloads and network credentials have been hacked in an ongoing attack campaign targeting a reported vulnerability in Ray, a computing framework used by OpenAI, Uber, and Amazon.

Oligo Security Builds Superstar Leadership Team With Key Industry Hires

As part of its rapid growth over the past year, Oligo Security, the leading runtime application security and observability platform, announced today new appointments to its leadership team and advisory board from major industry players including C-level executives from Snyk, Armis, Crowdstrike, CyberArk, and Microsoft.

Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch

Cybersecurity researchers have disclosed multiple critical security flaws in the TorchServe tool for serving and scaling PyTorch models that could be chained to achieve remote code execution on affected systems.

Publisher’s Spotlight: Oligo: Protect Your Open Source Libraries

Oligo Security is one of the leading open source cybersecurity platforms, pioneering the next wave of application security with a runtime solution that is proactive, effective, and frictionless.

The five coolest vendors at Black Hat USA 2023: Oligo, Veriti, Mobb, SafeBreach, CyberGRX

Black Hat USA 2023 was pure bliss for those of us who are passionate about cutting-edge security innovation. Before the event, The Readable reached out to more than 70 vendors through hundreds of emails...

Israeli cyber startups to watch: Unveiling five top innovators

The cybersecurity industry is at the forefront of Israel's technological landscape, boasting hundreds of companies in the field. To identify five of the most promising...

Israeli startup Oligo Security raises $28m

The company has developed a runtime application security and observability solution that allows enterprises to detect and prevent open source code vulnerabilities in their applications without affecting performance.

Cybersecurity startup Oligo debuts with new application security tech

An Israeli startup targets open source code vulnerabilities with advanced agentless filtering technology.

Oligo Security Mitigates Open Source Vulnerabilities at Runtime

Oligo Security today launched a runtime application security and observability platform that enables cybersecurity teams to detect and prioritize open source code vulnerabilities based on severity without affecting performance.

Oligo Security exits stealth using runtime application security to simplify open code vulnerability management

Oligo’s efficient use of run time monitoring lets users much more easily identify and remedy open source code vulnerabilities.

Three childhood friends founded a startup that protects your open source. Now Shlomo Kramer and Eyal Waldman are investing in them (Hebrew)

Israeli startup Oligo Security raised $28 million for a platform that detects malicious behavior in open source libraries

Oligo Security Raises $28M in Funding

Oligo Security, a Tel Aviv, Israel-based provider of an open source security solution, raised $28M in seed and Series A funding.

The cyber company Oligo Security raised $20 million in round A (Hebrew)

The company offers a security solution that reduces the weaknesses of open source libraries. The company offers a security solution that reduces the weaknesses of open source libraries.

Oligo Security raises $20 million Series A to secure open-source libraries

The Israeli startup’s technology profiles the legitimate behavior of each library, creating a knowledge base of libraries’ profiles and alerting or blocking whenever a library activity is not as expected

Flaws Expose Risks in Fluent Bit Logging Agent

A set of critical vulnerabilities affecting Fluent Bit, a widely used telemetry agent deployed more than 15 billion times, has been uncovered by cybersecurity researchers.