Posts Tagged "Security"

Microsoft's AI Framework Has Been Broken Three Times in a Row. That's Not Bad Luck.

Two confirmed critical RCEs in Semantic Kernel, then a six-bypass full-chain disclosure weeks after the patch. The same structural mistake keeps shipping in agent frameworks. Here's the chain - and what to actually do about it.

Your CI Pipeline Is the Attack Surface. GitHub's Defaults Made It That Way.

tj-actions hit 23,000 repos. nx exfiltrated 5,000. elementary-data went from a comment by a two-day-old account to a malicious PyPI wheel in ten minutes. Different payloads, same five GitHub Actions defaults. Here's the chain - annotated.

An Open-Source Tool Scanned 14 MCP Servers. 100% Had Critical Findings.

MCPwn hit every server it scanned. OX Security disclosed a systemic STDIO flaw across 200,000 instances. Anthropic declined to patch. Here's what the receipts actually say.

Reverse Engineering Just Got a Natural Language Interface

A 180-tool MCP server bridges Cheat Engine to any AI agent. Process memory, pointer chains, vtable lookups, code injection - all through plain English. The capability gap Mythos implied is already here, open source.

Anthropic Built a Model It Won't Let You Use. Here's What It Can Do.

Claude Mythos can autonomously discover and exploit zero-days. Anthropic restricted access to a handful of defenders. The capability curve is what builders should actually plan around.

MCP Has a Security Problem. Anthropic Called It "Expected Behavior."

OX Security disclosed a systemic STDIO flaw in Anthropic's MCP SDKs. Anthropic says sanitization is on developers. The registry trust numbers show why that's a problem.

The Attack Surface Is Trust

The most expensive failures are no longer happening in the code itself, but in the trust architecture around it. Supply chains, ownership transfers, and distribution channels are now the real attack surface.

We Built the Agents. We Skipped the Foundations.

AI agents shipped with real-world power before the security, architecture, and harness engineering needed to make them reliable. Builders now have to close that gap in production.
