Vibe CodingSmartLoader Supply Chain Attack Trojanizes Oura MCP Server StealC InfostealerThe Hacker News·high signalThreat actors cloned Oura Ring MCP server on GitHub with fake forks to distribute StealC infostealer targeting developer credentialsSourceSource pageThe Hacker News↳ Follow the threadPolicy dependency / Stack layerKastra Launches Policy Enforcement for Claude Code, Cursor, and CodexHacker NewsStack layer / Threat patternSnyk's Evo Agentic Development Security Hit GA June 29 — an Enforcement Layer That Polices MCP Servers and Coding Agents at RuntimeSiliconANGLEStack layer / Threat patternNSA issues official MCP hardening guidance after Amazon Q auto-execution CVEs (CVSS 8.5) enable AWS credential theftWizStack layer / Threat patternDefend against prompt injection with an embedding-scored Threat Library, not brittle regex rulesPromptHaloStack layer / Threat patternCROSS-CATEGORY: Three Vendors in Three Unrelated Categories Shipped 'Agents That Supervise Other Agents' Inside Two WeeksVantaStack layer / Threat patternAirflowAttack Fools Infrared Remote-Sensing VLMs With Physical PerturbationsarXivStack layer / Threat patternTRACE Watermarks Agent Trajectories Against Adversaries Who Control the LogsarXivStack layer / Threat patternAnthropic's 'J-Space' Interpretability Result Finds a Silent Reasoning Workspace Inside ClaudeAnthropic