Tom's Hardware on MSN

Anthropic's model context protocol includes a critical remote code execution vulnerability

A design choice in the MCP SDKs allows remote code execution across the AI supply chain.
Dark Reading

Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool

The prompt-injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...
Dark Reading

DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'

A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other ...

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.