Vibe CodingSmartLoader Supply Chain Attack Trojanizes Oura MCP ServerThe Hacker News·high signalThreat actors clone legitimate Oura Ring MCP server to distribute StealC infostealer targeting developer credentialsSourceSource pageThe Hacker News↳ Follow the threadPolicy dependency / Stack layerKastra Launches Policy Enforcement for Claude Code, Cursor, and CodexHacker NewsStack layer / Threat patternSnyk's Evo Agentic Development Security Hit GA June 29 — an Enforcement Layer That Polices MCP Servers and Coding Agents at RuntimeSiliconANGLEStack layer / Threat patternNSA issues official MCP hardening guidance after Amazon Q auto-execution CVEs (CVSS 8.5) enable AWS credential theftWizStack layer / Threat patternCROSS-CATEGORY: Three Vendors in Three Unrelated Categories Shipped 'Agents That Supervise Other Agents' Inside Two WeeksVantaStack layer / Threat patternDefend against prompt injection with an embedding-scored Threat Library, not brittle regex rulesPromptHaloStack layer / Threat patternAirflowAttack Fools Infrared Remote-Sensing VLMs With Physical PerturbationsarXivStack layer / Threat patternTRACE Watermarks Agent Trajectories Against Adversaries Who Control the LogsarXivStack layer / Threat patternMCP-Grounded Agent Pipeline Converts Legacy Docs to NIST OSCAL for Continuous CompliancearXiv