How MCP Authentication Flaws Enable RCE in Claude Code, Gemini CLI, and More

A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names.

Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.

Binarly has published VulHunt Community Edition, making the core scanning engine from Binarly's commercial Transparency Platform available to independent

OXO is a vulnerability scanning orchestrator that automatically binds tools together allowing for rapid scale.

Introduction Hello, I’m RyotaK (@ryotkak ), a security engineer at Flatt Security Inc. A few days ago, I was upgrading my home lab network, and I decided to upgrade the OpenWrt on my router.1 After accessing the LuCI, which is the web interface of OpenWrt, I noticed that there is a section called Attended Sysupgrade, so I tried to upgrade the firmware using it. After reading the description, I found that it states it builds new firmware using an online service.

Download the Writeup Illustration Romain Flamand – Flamingo Studio – [email protected] Abstract Secure elements are small microcontrollers whose main purpose is to generate/store secrets and then execute cryptographic operations. They undergo the highest level of security evaluations that exists (Common Criteria) and are often considered inviolable, even in the worst-case attack scenarios. Hence, complex secure […]

Copy Fail (CVE-2026-31431): a 732-byte Linux LPE — straight-line, no race, no per-distro offsets. Same Python script roots Ubuntu, Amazon Linux, RHEL, SUSE since 2017. Page-cache write bypasses on-disk file-integrity tools and crosses container boundaries. Found by Xint Code.

The Common Vulnerabilities and Exposures (CVE) Program has become the cornerstone of vulnerability management. Nearly all technology vendors and service providers identify vulnerabilities with CVEs when they publish security advisories. Most security products and services related to vulnerabilities

: Fluent Bit has 15B+ deployments … and 5 newly assigned CVEs

No patches yet, can be mitigated, requires user interaction

After DHS did not renew its funding contract for reasons unspecified, MITRE’s 25-year-old Common Vulnerabilities and Exposures (CVE) program was slated for an abrupt shutdown on April 16, which would have left security flaw tracking in limbo. CISA stepped in to provide a bridge.

A vulnerability in the popular open-source firewall software pfSense has been identified, allowing for remote code execution (RCE) attacks.

Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser.

Worldwide enumeration of accounts was possible due to a —now closed— privacy vulnerability

Spotify recently introduced its security vulnerability management platform, Kitsune. Right from vulnerability detection to providing insights based on metrics, Kitsune manages the overall security vul