2 posts
Fourteen vulnerabilities across Claude Code, Cursor, MCP servers, and Claude Desktop share a single root cause: untrusted content driving privileged actions with no independent enforcement layer.
GlassWorm started as a VS Code supply chain attack. Now it's targeting MCP packages directly. Here's exactly what it does, and why runtime enforcement is the layer that still works after a malicious package is already installed and running.