Dark Reading

Rust-Written IronWorm Hits NPM Supply Chain

A newly discovered malware campaign targeting the open source software ecosystem underscores how rapidly supply chain threats are evolving. The campaign, which JFrog has dubbed "IronWorm," targets ...
VentureBeat

200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

Source: VentureBeat created with Imagen. MCP's STDIO transport, the default for connecting an AI agent to a local tool, executes any operating system command it ...
SecurityWeek

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

Over 1,800 developers were affected by the Mini Shai-Hulud supply chain attack that hit the PyPi, NPM, and PHP ecosystems over the past two days. Attributed to the TeamPCP hacking group, the campaign ...
American Banker

Unpatched AI flaw poses risk to banking sector

Security researchers at OX Security said last week that Anthropic's fast-spreading standard for connecting AI agents to tools that help these agents complete tasks contains an architectural flaw, and ...
搜狐

Anthropic MCP协议曝重大架构缺陷,数十个关键漏洞引爆AI安全社区

AI巨头Anthropic公司开发的行业标准通信协议——模型上下文协议(Model Context Protocol, MCP)近期面临严峻的安全挑战。安全研究团队OX Security发布报告指出,该协议在架构层面存在根本性设计缺陷,可能导致服务器被诱骗执行任意代码(Remote Code Execution, RCE)。
The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading ...
theregister

Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into Anthropic's official Model Context Protocol (MCP) puts as many as 200,000 servers ...
搜狐

超20万台AI服务器面临攻击风险:Anthropic的MCP协议被曝存在严重设计缺陷

AI开发社区近日神经紧绷,一份安全报告指出,超过20万台AI服务器面临潜在攻击风险。 网络安全公司OX Security于2026年4月15日发布报告,揭示了Anthropic的MCP(Model Context Protocol,模型上下文协议)存在设计缺陷,可能导致远程代码执行。该漏洞影响范围广泛,波及 ...
IT之家

AI 圈地震:MCP 设计缺陷影响超 20 万台服务器,波及 Cursor、Claude Code ...

IT之家4 月 16 日消息,网络安全公司 OX Security 昨日(4 月 15 日)发布报告,披露 Anthropic 的 MCP(模型上下文协议)存在设计缺陷,可导致远程代码执行。 该设计缺陷影响范围极广,导致超过 20 万台 AI 服务器面临远程代码执行风险。 IT之家注:MCP 全称为 Model ...
Infosecurity-magazine.com

Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads

Security researchers have warned of a “critical, systemic” vulnerability in the model context protocol (MCP) which could have a significant impact on the AI supply chain. MCP is a popular open source ...
CSOonline

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configs open servers to possible remote code execution, as evidenced by several commercial services and open-source projects. AI agent building tools enable users to configure ...
来自MSN

Will the python survive regurgitating this animal?

This is what happens when you drink beer every day, according to experts Darrell Sheets, 'Storage Wars' star, found dead at 67 in Arizona home We asked 3 dietitians to pick the healthiest sandwich ...