The Mitiga disclosure is the most recent, but it is not the first time Claude Code’s configuration model has created a ...

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...

Anthropic PBC’s official Git Model Context Protocol server has several security vulnerabilities that can lead to arbitrary file access and, in some scenarios, full remote code execution triggered ...

Developers using the latest versions of AI coding tools like Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI could inadvertently execute malicious code on their systems with a single keypress, or ...

A 9.9-severity vulnerability in Flowise’s MCP stdio implementation can allow attackers to achieve remote code execution in ...

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's how to audit your deployments.

Proof-of-concept (PoC) code has been published for a one-click RCE vulnerability in open source LLM building platform Flowise.

Tenet Security researchers reveal how new “agentjacking” attacks could trick coding agents into executing arbitrary code ...

Model Context Protocol (MCPs) plugins extend the functionality of Claude Code by allowing it to interact with external systems and perform specialized tasks. As explained by Michele Torti, MCPs can be ...

What if coding felt less like troubleshooting and more like orchestrating a symphony? With Google’s latest innovation, the Chrome DevTools MCP, that vision is closer to reality than ever. This new ...

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix maps every blind spot and fix.

Making inherently probabilistic and isolated large language models (LLMs) work in a context-aware, deterministic way to take real-world decisions and actions has proven to be a hard problem. As we ...