#npm

MCP Server Security: 40+ CVEs and the Hardening Playbook
🔒 DevSecOps | 11 min read

Over 40 CVEs in four months, a 43% command-injection rate, and a self-replicating worm targeting your agent configs - here is what is breaking in MCP server deployments and how to harden it.

Admin
May 30, 2026 | 2 reads

TanStack npm Attack Hits CISA KEV: What to Do Now
🔒 DevSecOps | 11 min read

CVE-2026-45321 entered CISA's KEV on May 27, 2026. Here is exactly how TeamPCP hijacked TanStack's CI pipeline to publish 84 malicious npm packages, plus concrete steps JS/TS shops need now.

Admin
May 30, 2026 | 3 reads

Anatomy of the Nx Attack: 18 Minutes, 3,800 Repos
🔒 DevSecOps | 8 min read

A malicious Nx Console extension was live for 18 minutes on May 18 — long enough to steal credentials and exfiltrate around 3,800 GitHub repos. A post-mortem of the year's biggest dev-tooling breach.

Admin
May 27, 2026 | 1 reads