mcp

CVE-2025-6514: Command Injection in mcp-remote Turns Client Connections into Attack Vectors

Greetings, fellow security enthusiasts! Today, we're jumping into our time machine to look at a vulnerability from the future—CVE-2025-6514. It’s a nasty little bug in an npm package that turns a trusted client-server connection into a potential backdoor. This OS command injection flaw in mcp-remote is

mcp

CVE-2025-53355: When Your AI Kubernetes Assistant Goes Rogue

Imagine this: you're working with your new AI-powered IDE assistant, a brilliant copilot that helps you manage your complex Kubernetes clusters. You ask it to check the logs of a misbehaving pod. It dutifully fetches the logs, but then, without any further instruction, it calls another tool and