top of page
ALL POSTS
Anthropic MCP Design Flaw Exposes Critical RCE Risk in AI Supply Chain
Key Findings Critical "by design" vulnerability in Anthropic's Model Context Protocol (MCP) architecture enables remote code execution (RCE) on any system running vulnerable MCP implementations Unsafe defaults in STDIO transport interface configuration allow attackers to execute arbitrary OS commands and access sensitive data, API keys, and chat histories Vulnerability affects over 7,000 publicly accessible servers and software packages totaling more than 150 million download
Apr 213 min read
SmartLoader Abuses Oura MCP to Deploy StealC Malware
Key Findings SmartLoader hackers cloned a legitimate Oura MCP (Model Context Protocol) server and built a deceptive infrastructure of fake forks and contributors to make the project appear credible. The trojanized version of the Oura MCP server delivers the StealC information stealer, targeting developer credentials, browser passwords, and cryptocurrency wallets. This campaign signals a significant shift in the threat landscape, with traditional supply chain attackers now piv
Feb 172 min read
bottom of page
