Yuval Moravchick
JFrog Vulnerability Research Team LeadYuval is the vulnerability research team leader at JFrog. With over 10 years of technical experience, he has built and led security teams at various organizations, specializing in penetration testing, security research, and the development of offensive tools. Prior to JFrog, he held roles at Cato Networks and Wix, leading AppSec research teams, authoring the vulnerability research blog, detecting zero-days and managing SSDLC activities. Yuval holds a B.Sc. in Industrial Engineering and has several industry certifications, including Offensive Security Certified Professional (OSCP) and Offensive Security Web Expert (OSWE).
The Latest From Yuval Moravchick
-
PixelSmash – Critical FFmpeg Vulnerability Turns Media Files into Weapons
| 23 min readJFrog Security Research recently discovered and disclosed a critical vulnerability in FFmpeg, the world's most widely deployed media processing framework. The discovered vulnerability, which we've named PixelSmash, is CVE-2026-8461 - a heap out-of-bounds write in the MagicYUV decoder (CVSS 8.8 High). We escalated this vulnerability from a simple crash all the way to reliable remote…
Read More