We got @NotionHQ to leak your private Notion pages 💀 On Thursday @NotionHQ announced Notion 3.0 with support for custom agents using MCP (built by @AnthropicAI) — powerful, but dangerous. @simonw calls these MCP related attacks the “lethal trifecta”: the combination of LLMs,…
Official Azure MCP exploited to leak user's key vault secrets to attackers - tramlines.io/blog/azure-mcp…
Official Azure MCP exploited to leak user's KeyVault secrets to attackers - tramlines.io/blog/azure-mcp…
Official Azure MCP can leak user's Keyvault secrets to external attacker - tramlines.io/blog/azure-mcp…
Official Neon MCP exploit where attackers can exfiltrate user DB data and trigger unauthorized actions. -tramlines.io/blog/neon-offi…
Shortwave AI Email's MCP integration exploited: attackers exfiltrate users’ emails and other confidential data by hijacking MCPs. - tramlines.io/blog/why-short…
Why Shortwave.com AI Email with MCP integration Is a Phisher’s White Whale - tramlines.io/blog/why-short…
Our team found numerous exploits in the official Neon MCP, where attackers can embed malicious prompts in Neon database tables and trigger unauthorized malicious Neon MCP actions.
Our team found numerous exploits in the official Neon MCP, where attackers can embed malicious prompts in Neon database tables and trigger unauthorized malicious Neon MCP actions.
Our team found numerous exploits in the official Neon MCP, where attackers can embed malicious prompts in Neon database tables and trigger unauthorized actions.
x.com/wycats/status/… Tramlines.io publicly disclosed an exploit we found in the official Heroku MCP server today, which @wycats from Heroku felt wasn’t cool to disclose publicly and claimed we did it for “virality.” My guy, we’re in the business of powering…
tramlines.io
Tramlines - MCP Servers Registry & Security Guardrails
Tramlines is the comprehensive registry of MCP (Model Context Protocol) servers with advanced security guardrails. Discover, evaluate, and deploy MCP servers safely for your GenAI and LLM applicati...
First of all, I want to say that we took this extremely seriously internally. I personally spent several days really digging into the potential exploit vector and we had multiple security folks working to characterize the threat model.
Our team found a critical exploit with the official Heroku MCP where a user can inject a GET request to any hosted Heroku app and maliciously transfer ownership of the Heroku app to themselves. - tramlines.io/blog/heroku-mc…
Our team found a critical exploit with the official Heroku MCP where a user can inject a GET request to any hosted Heroku app and maliciously transfer ownership of the Heroku app to themselves. - tramlines.io/blog/heroku-mc…
United States 트렌드
- 1. #warmertogether N/A
- 2. $BARRON 1,915 posts
- 3. Harvey Weinstein 2,256 posts
- 4. Diane Ladd 2,147 posts
- 5. Ben Shapiro 24.8K posts
- 6. #NXXT 2,487 posts
- 7. $PLTR 14.7K posts
- 8. #maddiekowalski 3,411 posts
- 9. Gold's Gym 45.4K posts
- 10. Laura Dern N/A
- 11. #CAVoteYesProp50 4,135 posts
- 12. University of Virginia 1,700 posts
- 13. Shannon Library 1,701 posts
- 14. #BestStockToBuy 1,102 posts
- 15. Cardinals 11.4K posts
- 16. Mumdumi 10.8K posts
- 17. Standout 7,615 posts
- 18. Ndiaye 8,436 posts
- 19. Murray State 1,214 posts
- 20. iOS 26.1 2,790 posts
Something went wrong.
Something went wrong.