The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

The cybersecurity company said the systemic vulnerability is baked into Anthropic's official MCP software development kit ...
CSO Online

Prompt injection turned Google’s Antigravity file search into RCE

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing ...
Dark Reading

Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool

The prompt injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
The Hacker News

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...

Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware ...
Bleeping Computer

Claude AI finds Vim, Emacs RCE bugs that trigger on file open

Vulnerabilities in the Vim and GNU Emacs text editors, discovered using simple prompts with the Claude assistant, allow remote code execution simply by opening a file. The assistant also created ...
InfoWorld

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

A simple prompt sent Claude Code on a mission that uncovered major security vulnerabilities in popular text editors — and then suggested ways to exploit them. Developers can spend days using fuzzing ...