A design choice in the MCP SDKs allows remote code execution across the AI supply chain.

Splunk has released patches that resolve high- and medium-severity vulnerabilities in Splunk Enterprise and MCP Server.

The security defects could be exploited for remote code execution, OS command injection, and WAF detection bypass.

The prompt-injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...

A surge in AI agent adoption is exposing critical systems online ...

OpenClaw (formerly MoltBot) has become a major security liability, with SecurityScorecard reporting that over 28,000 systems ...

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing ...

When 500,000 Findings Hide 14 Real Threats Modern enterprises ingest vulnerability data from dozens of sources: endpoint ...

Researchers say a prompt injection bug in Google's Antigravity AI coding tool could have let attackers run commands, despite ...