Model Context Protocol Threat Modeling and Analyzing Vulnerabilities to Prompt Injection with Tool Poisoning

The Model Context Protocol MCP has rapidly emerged as a universal standard for connecting AI assistants to external tools and data sources. While MCP simplifies integration between AI applications and various services, it introduces significant security vulnerabilities, particularly on the client...

TLS Certificate and Domain Feature Analysis of Phishing Domains in the Danish .Dk Namespace

Phishing attacks remain a persistent cybersecurity threat, and the widespread adoption of TLS certificates has unintentionally enabled malicious websites to appear trustworthy to users. This study examines whether certificate metadata and domain characteristics can help distinguish phishing domai...

PT-2026-27224

OpenClaw before 2026.2.22 contains an allowlist bypass vulnerability in system.run exec analysis that fails to unwrap env and shell-dispatch wrapper chains. Attackers can route execution through wrapper binaries like env bash to smuggle payloads and bypass intended allowlist restrictions...

Auditing MCP Servers for Over-Privileged Tool Capabilities

The Model Context Protocol MCP has emerged as a standard for connecting Large Language Models LLMs to external tools and data. However, MCP servers often expose privileged capabilities, such as file system access, network requests, and command execution that can be exploited if not properly...

MAL-2026-2082 Malicious code in unhandledrejection1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3f2b4dcba608cf46c9d933fd9af75d42e1f10758f11890ea7afa67460e5c3ce1 The package unhandledrejection1 was found to contain malicious code. Source: ossf-package-analysis...

Exploit for Improper Validation of Integrity Check Value in Openbsd Openssh

SSH Terrapin Attack Vulnerability Scanner CVE-2023-48795 A...

When the Abyss Looks Back: Unveiling Evolving Dark Patterns in Cookie Consent Banners

To comply with data protection regulations such as the EU General Data Protection Regulation GDPR and the California Consumer Privacy Act CCPA, websites widely deploy cookie consent banners to collect users' privacy preferences. In practice, however, these interfaces often embed dark patterns tha...

MAL-2026-2019 Malicious code in @modals/layout (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2dd7a47296a1be165b33bf8cc140bf4b6b004025557cfb22a0b75c4ec8eea864 The package @modals/layout was found to contain malicious code. Source: ossf-package-analysis...

EUVD-2026-14254

OpenClaw's exec allowlist wrapper analysis did not unwrap env/shell dispatch chains...

EUVD-2026-14252

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/writeanalysiscode.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...

CVE-2026-4516

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/writeanalysiscode.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...

CVE-2026-4516 Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/writeanalysiscode.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...

CVE-2026-4516

Foundation Agents MetaGPT up to 0.8.1 is affected by a vulnerability in the DataInterpreter component, specifically the file metagpt/actions/di/write_analysis_code.py, enabling an injection due to manipulated data handling. The issue is exploitable remotely and the exploit has been made public, w...

CVE-2026-4516

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/writeanalysiscode.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...

CVE-2026-4516 Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/writeanalysiscode.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has be...

Malicious code in uniswap-info (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a4b0c2ab6814aa67c139dffb11add8c0013caa86df1cffd6c9e1c0de09bd395c The package uniswap-info was found to contain malicious code. Source: ossf-package-analysis...

MetaGPT 安全漏洞

MetaGPT is a multi-agent framework developed by MetaGPT Inc. Versions of MetaGPT 0.8.1 and earlier contained security vulnerabilities. These vulnerabilities were caused by unknown code in the DataInterpreter component file metagpt/actions/di/writeanalysiscode.py, which could allow remote executio...

PT-2026-26920

A vulnerability was found in Foundation Agents MetaGPT up to 0.8.1. This vulnerability affects unknown code of the file metagpt/actions/di/write analysis code.py of the component DataInterpreter. The manipulation results in injection. It is possible to launch the attack remotely. The exploit has...

Malicious code in shakti-strings (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f2263a09a764a00c111f0baad35ef067d15ac1baaf92efd30cf27d86a4adc66 The package shakti-strings was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in nflx-cmisc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 871d12cd83665d57f07a3b718ffef817f52b1baa68cc2ddc00d4ea1e010fc1f7 The package nflx-cmisc was found to contain malicious code. Source: ossf-package-analysis...