Yuval Moravchick_Headshot1

Yuval Moravchick

JFrog Vulnerability Research Team Lead

Yuval is the vulnerability research team leader at JFrog. With over 10 years of technical experience, he has built and led security teams at various organizations, specializing in penetration testing, security research, and the development of offensive tools. Prior to JFrog, he held roles at Cato Networks and Wix, leading AppSec research teams, authoring the vulnerability research blog, detecting zero-days and managing SSDLC activities. Yuval holds a B.Sc. in Industrial  Engineering and has several industry certifications, including Offensive Security Certified Professional (OSCP) and Offensive Security Web Expert (OSWE).

The Latest From Yuval Moravchick

  • PixelSmash – Critical FFmpeg Vulnerability Turns Media Files into Weapons

    | 23 min read

    JFrog Security Research recently discovered and disclosed a critical vulnerability in FFmpeg, the world's most widely deployed media processing framework. The discovered vulnerability, which we've named PixelSmash, is CVE-2026-8461 - a heap out-of-bounds write in the MagicYUV decoder (CVSS 8.8 High). We escalated this vulnerability from a simple crash all the way to reliable remote…

    Read More