Vitaly Simonovich

Security Researcher

Vulnerability Research · Threat Intelligence · AI Security

Senior security researcher working across vulnerability research, threat intelligence, and AI security. I break systems the way real attackers do, from core internet infrastructure like DNS and glibc to browsers, web platforms, and LLMs, and turn those findings into practical defenses, threat reports, and education so organizations can stay ahead of attackers.

githublinkedinxRemote, available worldwide

Last updated: July 17, 2026

At a glance

  • 10+Years Experience
  • 21CVEs Discovered
  • 9+Public Speaking
  • 41+Press Mentions

Areas of expertise

  • Vulnerability Research
  • Threat Intelligence
  • LLM & GenAI Security
  • Jailbreaks & Prompt Injection
  • Application Security
  • Data Security
  • Offensive Security & CTFs
  • Security Education & Public Speaking

Highlights

  • HashJack Research

    First known indirect prompt injection technique weaponizing URL fragments to manipulate AI browser assistants. Covered by Forbes, The Register, and The Hacker News.

  • Apple WebKit Vulnerabilities

    Two flaws in Apple WebKit (CVE-2026-28917, CVE-2026-28962): a memory-safety crash and an information disclosure issue, both fixed in Safari 26.5.

  • Operation Poisson

    A 33-day French-speaking cybercrime operation captured command-by-command, revealing how a junior operator used Tailscale and OpenSSH to keep access after his C2 went offline. Covered by The Hacker News.

  • MongoDB Hall of Fame

    Pre-authentication denial of service in MongoDB Server (CVE-2026-25611, High severity) and induction into the MongoDB Security Researcher Hall of Fame.

  • Core Infrastructure CVEs

    A 2026 run of vulnerability discoveries across the internet's backbone: BIND 9, PowerDNS, Jenkins, WordPress, and Google Chrome.

CVEs discovered (21)

10 High · 8 Medium · 3 Low.

CVEVendorSeveritySummary
CVE-2026-48936Node.jsLowPermission model network bypass via Unix socket. Incomplete fix for CVE-2026-21636 in the Node.js Permission Model: a local server can be started over a Unix domain socket without the --allow-net permission, bypassing the intended network restrictions. Affects Node.js 26; fixed in 26.3.1.
CVE-2026-55827FreeRDPHighRemoteFX heap buffer overflow. Heap buffer overflow in FreeRDP where the GDI layer passes desktop surface dimensions instead of bitmap dimensions as write bounds to the RemoteFX decoder, letting a malicious RDP server write past the allocated bitmap buffer with attacker-influenced content and potentially hijack execution. Affects 2.0.0 through 2.11.7 and 3.0.0 through 3.27.0; fixed in 3.27.1.
CVE-2026-55564FreeRDPMediumGlyph cache out-of-bounds read. Off-by-one error in FreeRDP's glyph_cache_get() bounds check lets a malicious RDP server trigger an out-of-bounds heap read via crafted glyph fragments, dereferencing one slot past the glyph cache array and potentially causing denial of service or information disclosure. Affects versions up to 3.26.0; fixed in 3.27.0.
CVE-2026-28917Apple WebKitMediumMemory-safety process crash. Memory-safety issue in Apple WebKit where processing maliciously crafted web content can cause an unexpected process crash (denial of service). Fixed in Safari 26.5 on macOS Sonoma and macOS Sequoia.
CVE-2026-28962Apple WebKitMediumInformation disclosure. Information disclosure vulnerability in Apple WebKit where processing maliciously crafted web content may reveal sensitive user information. Fixed in Safari 26.5 on macOS Sonoma and macOS Sequoia.
CVE-2026-5913Google ChromeLowOut-of-bounds read in Blink. Out-of-bounds read in the Blink rendering engine in Google Chrome prior to 147.0.7727.55 allows a remote attacker to perform an out-of-bounds memory read via a crafted HTML page. Affects Chrome on Windows, Linux, and macOS.
CVE-2026-33608PowerDNSHighBackend DoS via crafted NOTIFY. Incomplete domain name sanitization during Bind autosecondary zone transfer in PowerDNS Authoritative Server allows an attacker to send a notify request causing a secondary domain to be added with invalid configuration, rendering the Bind backend inoperable after restart. Affects versions up to 5.0.3 and 4.9.13.
CVE-2026-33257PowerDNSMediumWebserver memory exhaustion. Insufficient input validation of the internal webserver in PowerDNS Authoritative Server and DNSdist allows an unauthenticated attacker to send crafted HTTP requests causing unlimited memory allocation and denial of service. Requires the web server feature to be enabled. Affects PowerDNS Authoritative 3.4.0–5.0.3 and DNSdist up to 2.0.3.
CVE-2026-42390PowerDNSMediumRecursor ZONEMD validation bypass. ZONEMD verification bypass in the PowerDNS Recursor: the digest compare loop does not re-check scheme eligibility, so a zone carrying a reserved scheme=0 ZONEMD record with the correct digest passes validation even when the eligible record's digest is wrong. Relevant when Zone-to-Cache is configured with zonemd: require. Affects Recursor 5.4.0 through 5.4.2; fixed in 5.4.3.
CVE-2026-42004PowerDNSLowDNSdist EDNS options smuggling. EDNS options smuggling in PowerDNS DNSdist: a crafted EDNS OPT record is ignored by DNSdist's filtering rules but rewritten as a valid OPT record when EDNS Client Subnet is inserted, so the backend receives EDNS options that DNSdist did not filter. Affects DNSdist up to 1.9.14 and 2.0.6; fixed in 1.9.15 and 2.0.7.
CVE-2026-3104ISC BIND 9HighResolver memory leak DoS. Memory leak in BIND 9 resolvers triggered by specially crafted domain queries, causing denial of service through resource exhaustion. Affects BIND 9.20.0–9.20.20 and 9.21.0–9.21.19.
CVE-2026-3119ISC BIND 9MediumCrash via TKEY query. Authenticated query containing a TKEY record with a valid TSIG can cause the BIND named daemon to terminate unexpectedly. Affects BIND 9.20.0–9.20.20 and 9.21.0–9.21.19.
CVE-2026-33001JenkinsHighArbitrary file write via symlinks. Link following vulnerability in Jenkins 2.554 and earlier, LTS 2.541.2 and earlier allows crafted .tar and .tar.gz archives to write files to arbitrary locations via symbolic links, enabling code execution by attackers with Item/Configure permission or control of agent processes.
CVE-2026-25611MongoDBHighPre-auth memory exhaustion DoS. Pre-Authentication Memory Exhaustion Denial of Service in MongoDB Server. A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.
CVE-2025-15281glibcHighUse-after-free in wordexp(). Use-After-Free vulnerability in glibc's wordexp() function when using WRDE_REUSE and WRDE_APPEND flags, allowing memory corruption and potential code execution via uninitialized memory access.
CVE-2026-0859TYPO3MediumInsecure deserialization in mailer. Insecure Deserialization vulnerability in TYPO3 CMS Mailer file spool allowing local users with write access to the spool directory to inject and execute arbitrary PHP code via crafted serialized files.
CVE-2026-49740TYPO3MediumInsecure deserialization in Core API. Insecure deserialization in the TYPO3 CMS Core API (ext:core) where crafted serialized data can affect downstream components. Fixed across TYPO3 13.4.31 LTS, 14.3.3 LTS, and ELTS releases.
CVE-2025-67849MoodleHighStored XSS in AI Course Assist. Stored Cross-Site Scripting (XSS) vulnerability in Moodle's AI Course Assist via unsanitized HTML rendering in the response template, allowing authenticated users to execute arbitrary JavaScript and steal session tokens.
CVE-2025-64496Open WebUIHighCode injection via SSE. Code Injection vulnerability in Open WebUI via Server-Sent Events (SSE) in Direct Connections feature, allowing malicious external model servers to execute arbitrary JavaScript and steal authentication tokens.
CVE-2025-52670Revive AdserverHighAuthorization bypass (IDOR). Authorization Bypass (IDOR) vulnerability in Revive Adserver allowing authenticated users to delete banners owned by other accounts via improper ownership validation.
CVE-2025-52668Revive AdserverHighStored XSS. Stored Cross-Site Scripting (XSS) vulnerability in Revive Adserver's statistics-conversions.php script via tracker or campaign names, enabling session hijacking and information disclosure.

Awards & recognition (6)

  • Security Vulnerability Credit, WordPress (2026)

    Credited for reporting an AJAX query-attachments authorization bypass, fixed in WordPress 6.9.2.

  • Security Vulnerability Credit, ISC (BIND9) (2026)

    Credited for reporting a NULL pointer dereference crash in BIND9's QP-trie cache, fixed in BIND 9.21.19.

  • Security Advisory Credit, Jenkins (2026)

    Credited for independent discovery of a link following vulnerability in Jenkins, reported through the Jenkins Bug Bounty Program sponsored by the European Commission.

  • Security Researcher Hall of Fame, MongoDB (2026)

    Recognized for responsibly disclosing a security vulnerability in MongoDB products.

  • AI Safety - Immersive world jailbreak, Microsoft (2025)

    Awarded for discovering the 'Immersive world' jailbreak in Microsoft's copilot.

  • AI Security - Edge browser prompt injection, Microsoft (2025)

    Indirect prompt injection vulnerability found in Microsoft's edge browser.

Research (21)

Speaking (11)

  • HashJack: Exploiting URL Fragments to Hijack AI Browser Assistants

    Ekoparty Security Conference · 2026-05-22 · Miami, FL, USA

    An indirect prompt injection technique that hides malicious instructions in URL fragments to hijack AI browser assistants, with real attack scenarios and defensive guidance.

  • Agentic Security: Past, Present, and Future

    SASEfy 2026 · 2026-05 · Virtual

    A panel on the past, present, and future of agentic AI security, presented with Cato CTRL's Etay Maor and Microsoft security architects Abhilasha Bhargav-Spantzel and Pushkar Saraf.

  • The Anatomy of Criminal Failure: Analyzing OpSec Flaws in Major Takedowns

    RSA Conference 2026 · 2026-03-23 · San Francisco, CA, USA

    An in-depth analysis of operational security failures that led to the takedown of major cybercriminal operations, examining the mistakes that ultimately exposed threat actors to law enforcement.

  • Vibe Hunting: Turning AI Coding Agents into Autonomous Vulnerability Researchers

    RootedCON Madrid 2026 · 2026-03 · Madrid, Spain

    How AI coding agents can be turned into autonomous vulnerability researchers, exploring the offensive potential of vibe-driven AI workflows for security research.

  • The Dark Side Of LLMs

    BSidesTLV AI Hacking Village · 2025-12-11 · Tel Aviv, Israel

    An exploration of the security implications and potential threats posed by Large Language Models, examining attack vectors, vulnerabilities, and defensive strategies in the evolving AI landscape.

  • The Dark Mirror of LLMs

    APAC Partner Summit · 2025-09-15 · Bangkok, Thailand

    Presentation exploring the darker applications of Large Language Models, examining how AI can be weaponized by adversaries and what organizations need to know to protect themselves.

  • The Black Mirror of LLMs: How AI Powers the Adversary

    HackAPrompt Webinar · 2025-07-28

    Online session examining how adversaries leverage AI and Large Language Models to enhance their attack capabilities, with real-world examples and defensive strategies.

  • 2025 Cato CTRL™ Threat Report

    Cato Networks APJ Customer & Partner Event · 2025-05-20 · Tokyo, Japan

    Presentation of the 2025 Cato CTRL Threat Report to customers and partners across the APJ region, covering the latest threat intelligence and security trends.

  • From Assistants to Adversaries: The LLM Threat Landscape

    Qubit 2025 Conference · 2025-05-15 · Prague, Czech Republic

    A deep dive into how Large Language Models are transforming the threat landscape, from AI-powered assistants to potential adversarial tools, and what security professionals need to know.

  • Skyfall - Threats in the Cloud

    Cato Networks x Porsche Event · 2024-11-15 · Stuttgart, Germany

    Exclusive presentation at the Porsche Museum covering cloud security threats and vulnerabilities, exploring how organizations can protect their cloud infrastructure.

  • Warning! Botnet Is In Your House…

    Botconf 2022 · 2022-04-26 · Nantes, France

    Research presentation on IoT botnets targeting home devices, examining infection vectors, command and control infrastructure, and the growing threat to consumer networks.

Writing (12)

Press coverage (65)

2026

2025

2022

Syndicated coverage (6)