The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...
heise online

AI developer tool MCP Inspector: Critical vulnerability allows code execution

There is a critical security vulnerability in Anthropic's MCP Inspector, a debugging tool for MCP servers. It allows malicious code to be executed. In a blog post, the discoverers of the Oligo ...
CSOonline

Critical RCE flaw in Anthropic’s MCP inspector exposes developer machines to remote attacks

A misconfigured default in the MCP inspector tool allows attackers to execute arbitrary commands via CSRF and legacy browser flaws, posing serious risks to AI developers and enterprise systems. A ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
Visual Studio Magazine

Hands On: Building an MCP Server with VS Code AI Toolkit's New Tool Catalog

Microsoft's AI Toolkit extension for VS Code now includes a Tool Catalog that can scaffold a Python or TypeScript MCP server with the core transport and registration plumbing already set up. In ...