MCP Server Security: 40+ CVEs and the Hardening Playbook
Over 40 CVEs in four months, a 43% command-injection rate, and a self-replicating worm targeting your agent configs - here is what is breaking in MCP server deployments and how to harden it.
Anthropic's Claude Mythos Preview found 10,000+ critical vulnerabilities via Project Glasswing - but fewer than 100 are patched. Here is what that gap actually means for AI-assisted vuln triage.
CVE-2026-45321 entered CISA's KEV on May 27, 2026. Here is exactly how TeamPCP hijacked TanStack's CI pipeline to publish 84 malicious npm packages, plus concrete steps JS/TS shops need now.
TeamPCP poisoned a Checkmarx Jenkins plugin using credentials from an earlier breach, while Datadog found 87% of organizations run known-exploitable vulnerabilities. A look at the attacks, the data, and the defenses that work.