@armor1
Nothing here yet.
Nothing here yet.
May 15 · 4 min read · Two independent security research groups published this week with findings that land on the same problem from different angles: AI agent skill files are a serious and underaudited supply chain surface
Join discussionMay 12 · 4 min read · The trust dialog in an AI coding tool is supposed to be the security boundary that gates everything the agent does inside a workspace. External security researchers recently published a technical writ
Join discussionMay 10 · 4 min read · CVE-2026-26268 is a CVSS 8.1 high-severity vulnerability in the Cursor AI IDE that lets a malicious repository execute arbitrary code on a developer's machine the moment Cursor's agent performs a Git
Join discussionMay 8 · 3 min read · CVE-2026-39861 is a sandbox escape in Claude Code, patched in version 2.1.64. The vulnerability allows file writes to land outside the workspace directory by exploiting symbolic link following across
Join discussionApr 22 · 4 min read · CVE-2026-5603 is a Critical command injection in @elgentos/magento2-dev-mcp, but the vulnerability pattern it represents shows up in community MCP servers regularly. This post explains what the vulner
Join discussion