Shachar Menashe

Senior Director Security Research

Shachar has more than 15 years of experience in security research & engineering, including low-level R&D, reverse engineering and vulnerability research. He currently leads the security research division at JFrog, specializing in automated vulnerability research techniques. Before joining Vdoo and JFrog, Shachar was responsible for building the low-level security of Magic Leap’s custom OS. Shachar holds a BSc in Electronics Engineering and Computer Science from Tel-Aviv University.

The Latest From Shachar Menashe

  • CVE-2024-3094 XZ Backdoor: All you need to know

    | 14 min read

    Update April 1st - Updated "What is the malicious payload of CVE-2024-3094?" due to newly released OSS tools

    Update April 7th - Updated "What is the malicious payload of CVE-2024-3094?" due to more published payload research

    On March 29th, it was reported that malicious code enabling unauthorized remote SSH access has been detected within…

  • Watch out for DoS when using Rust’s popular Hyper package

    | 5 min read

    The JFrog Security Research team is constantly looking for new and previously unknown vulnerabilities and security issues in popular open-source projects to help improve their security posture and defend the wider software supply chain. As part of this effort, we recently discovered and disclosed multiple vulnerabilities in popular Rust projects such as Axum, Salvo and…

  • Latest LastPass security breach highlights developers as a high-value target

    | 5 min read

    Last August, the maintainers of the LastPass cloud-based password manager tool reported a security breach in their servers. The disclosure maintained that an unauthorized party gained access to the LastPass development environment through a single compromised developer account. However - while source code and technical information was stolen, no user data was compromised and no…

  • Turns out 78% of reported common CVEs on top DockerHub images are not really exploitable

    | 15 min read

    Research motivations Similarly to our previous research on “Secrets Detection,” during the development and testing of JFrog Xray’s new “Contextual Analysis” feature, we wanted to test our detection in a large-scale real-world use case, both for eliminating bugs and testing the real-world viability of our current solution. However, unlike the surprising results we got in our…
