Back
Ofri_Ouzan_headshot1 - round

Ofri Ouzan

JFrog Security Researcher

Ofri is a security researcher and advocate at JFrog Security. With over six years of experience in the field of cyber security, she specializes in conducting security research focusing on vulnerabilities and exploitation. Ofri excels at exploring new technologies and developing solutions to address the latest cyber security threats.

The Latest From Ofri Ouzan

  • CVE-2025-6515 Prompt Hijacking Attack – How Session Hijacking Affects MCP Ecosystems
    | 10 min read

    JFrog Security Research recently discovered and disclosed multiple CVEs in oatpp-mcp - the Oat++ framework’s implementation of Anthropic’s Model Context Protocol (MCP) standard. Among these, CVE-2025-6515 stood out due to its potential threat of hijacking MCP session IDs. Within the context of MCP we’ve dubbed this new attack technique "Prompt Hijacking". Your browser does not…

    Read More  

  • Why Cloudsmith Is a Risk You Can’t Afford: A Wake-Up Call on Superficial Software Supply Chain Security
    | 25 min read

    On the surface, some tools market DevSecOps capabilities as part of their software supply chain solution. Still, DevOps and Security teams who dig deeper into these tools will quickly spot some red flags, including: Packaging Competitor's Open Source as an Enterprise solution: Selling a paid “security” solution that’s little more than a thin UI layer…

    Read More  

  • A Vulnerable Future: MITRE’s Close Call in CVE Management
    | 16 min read

    Last week, one of the biggest concerns in the cybersecurity industry created a crisis that was avoided at the last minute. On April 16th, 2025, the MITRE Corporation announced:  “The current contracting pathway for MITRE to develop, operate, and modernize CVE and several other related programs, such as CWE, will expire.” Official letter from MITRE…

    Read More