Tomer Filiba

Tomer Filiba

CTO

Feature Release

Sweet Security Extends Runtime CNAPP Coverage to Windows Environments

Sweet Security extended its runtime coverage to Windows environments.

Tomer Filiba

|

4

min read

Learn More
next generation of cloud protection-Sweet security
Breach

Shai-Hulud: The Self-Replicating npm Worm Stealing Secrets and Hijacking Pipelines

A massive supply-chain attack is affecting npm packages.

Tomer Filiba

|

3

min read

Learn More
next generation of cloud protection-Sweet security
Security Research

Largest npm Supply-Chain Attack to Date Targets Billions of Downloads

The npm ecosystem has suffered an unprecedented supply-chain attack.

Tomer Filiba

|

2

min read

Learn More
next generation of cloud protection-Sweet security
Security Research

Python Tar-File Vulnerability (CVE-2024-12718): What You Need to Know

A critical vulnerability in Python's tarfile module (versions ≥ 3.12) allows attackers to modify metadata or permissions on files.

Tomer Filiba

|

2

min read

Learn More
next generation of cloud protection-Sweet security
Security Research

NextJS Authorization Bypass (CVE-2025-29927) Highlights the Need for Stronger Runtime Security

Two researchers have recently discovered an authorization-bypass bug in the popular NextJS framework by Vercel. Tracked as CVE-2025-29927

Tomer Filiba

|

2

min read

Learn More
next generation of cloud protection-Sweet security
Security Research

IngressNightmare: How Runtime Changes the Game for Ingress-NGINX Kubernetes-Critical Vulnerabilities

A new set of high-severity vulnerabilities, collectively dubbed IngressNightmare, has been discovered by Wiz. Sweet keeps you secure.

Tomer Filiba

|

1

min read

Learn More
next generation of cloud protection-Sweet security
Security Research

CVE-2025-30066: tj-actions Supply Chain Attack

On Friday, a supply chain attack compromised the widely used GitHub Action tj-actions/changed-files, exposing secrets from numerous repos.

Tomer Filiba

|

2

min read

Learn More
next generation of cloud protection-Sweet security
Security Research

Of XZ and Unknown Unknowns

The recent XZ (liblzma) supply-chain attack is a marvel of social engineering and a great example of evading detection under the many-eyes..

Tomer Filiba

|

2

min read

Learn More
next generation of cloud protection-Sweet security
Security Research

Defending Against the Latest Ghostscript Vulnerability (CVE-2024-29510)

Bleeping Computer has recently reported on a new vulnerability within Ghostscipt, a widely used library for handling PostScript and PDF file

Tomer Filiba

|

min read

Learn More
next generation of cloud protection-Sweet security
Cloud Security

Understanding the New Vulnerabilities on Linux’s CUPS: What You Should Know

Yesterday, a new set of vulnerabilities (CVE-2024-47076, CVE-2024-47175/6/7) was discovered on Linux’s Common UNIX Printing System...

Tomer Filiba

|

3

min read

Learn More
next generation of cloud protection-Sweet security
Security Research

Welcome to CandyStore: Sweet Security’s Open Source Key-Value Storage

We’re excited to announce that Sweet Security has officially released CandyStore – an extremely fast open source key-value store

Tomer Filiba

|

2

min read

Learn More
next generation of cloud protection-Sweet security