Security Boulevard

Your MCP Server Is a Resource Server Now. Act Like It.

Without an identity layer, AI agents accessing enterprise tools create real exposure: data exfiltration through unscoped ...
SecurityWeek

Guardarian Users Targeted With Malicious Strapi NPM Packages

A threat actor has used 36 malicious NPM packages posing as Strapi plugins to distribute malware targeting Redis, Docker, and ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
GitHub

Secure Node.js Execution Without a Sandbox

A lightweight library for secure Node.js execution. No containers, no VMs — just npm-compatible sandboxing out of the box. Powered by the same tech as Cloudflare Workers. Give your agent the ability ...