Loading posts ...

One Request to Own Every Repo: How We Hijacked GitLab Through Its MCP Server

How We Made a GitLab MCP Server Hand Us Its Own Access Token What we found: Two Critical vulnerabilities in gitlab-mcp – the most popular community GitLab MCP server, with 200K+ downloads. Either one, on…

VS Code Security Risk from Malicious Extensions and Remote Code Execution

Modern software engineering teams increasingly rely on Visual Studio (VS) Code as the primary development environment for cloud-native engineering, DevSecOps workflows, infrastructure-as-code (IaC), and AI-assisted…

Count Dooku: A Live Malicious Open VSX Campaign Hiding in Plain Sight

Last updated: June 30, 2026 The most dangerous supply chain attacks are not always the loud ones. Over the last few days, Pluto Security has…

What Is Vibe Coding? Meaning, Origins, and Use Cases

Introduction Software development is undergoing a significant transformation driven by large language models (LLMs), autonomous agents, and natural language interfaces. One notable paradigm in this…

Is Vibe Coding Safe? What You Need to Know About Vibe Coding Security

AI-assisted coding is becoming more widespread, with developers increasingly relying on large language models (LLMs) to perform a variety of tasks. This trend is often…

Introducing Plutonium

Over the past months we launched ClaudeSec for the Anthropic ecosystem and copilotsec.ai for the Microsoft one. Each closed the same gap in its own…

Comparing AI Agents to Cybersecurity Professionals: What the ARTEMIS Study Gets Right

One of the most debated questions in the evolution of Artificial Intelligence (AI) within the cybersecurity community is whether AI agents can meaningfully replicate the…