Vibe CodingSmartLoader Supply Chain Attack Trojanizes Oura MCP Server StealC InfostealerThe Hacker News·high signalThreat actors cloned Oura Ring MCP server on GitHub with fake forks to distribute StealC infostealer targeting developer credentialsSourceSource pageThe Hacker News↳ Follow the threadPolicy dependency / Stack layerHalluSquatting weaponizes LLM hallucinations to push botnet malware into agentsThe Hacker NewsPolicy dependency / Stack layerPattern: this week's enterprise agent news is dominated by runtime governance and cost controlAI Agent StoreStack layer / Threat patternCut agent scraping token spend with Scrapling — adaptive element-signature relocation plus a built-in MCP serverGitHubPolicy dependency / Stack layerTip: Enterprise MCP Allowlists Now Enforce on Reconnect and IDE-Typed Configs in Claude CodeClaude Code ChangelogStack layer / Threat patternMitigating Taint-Style MCP Server Vulnerabilities Without Touching Server Code (SPELLSMITH)arXivStack layer / Threat patternVaronis discloses 'Rogue Agent' — a Dialogflow CX flaw letting one permission poison a shared agent runtimeNxCodeStack layer / Threat patternGitHub Ships CodeQL 2.26.0 With AI Prompt-Injection Detection for JavaScript/TypeScriptGitHub (CodeQL release notes)Stack layer / Threat patternPattern: The Agent's Web Access Is Moving Inside the IDE as a Sandboxed, Allowlisted Browser9to5Mac