A design choice in the MCP SDKs allows remote code execution across the AI supply chain.

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...

Splunk has released patches that resolve high- and medium-severity vulnerabilities in Splunk Enterprise and MCP Server.

Microsoft has released its August 2025 Patch package, a cumulative set of updates addressing more than 100 vulnerabilities across a host of its products. Microsoft’s SharePoint Server Remote Code ...

The prompt-injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...

The security defects could be exploited for remote code execution, OS command injection, and WAF detection bypass.

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities.

The company also releases advisories for high-severity data leaks and denial-of-service issues across multiple products, including Jira and Confluence. Atlassian has released urgent patches for ...

A severe security flaw, CVE-2024-3078, has been discovered in the Windows Wi-Fi driver. This vulnerability allows remote code execution at the kernel level without needing user interaction or ...

It's not been a good week for PDFs and security. In the span of seven days, Adobe and Foxit, a rival PDF provider, released dozens and dozens of security patches for their respective software. Several ...