Every processed story in chronological order, with the newest coverage first. Filter by tag, source, or score to drill in.
Developers using any MCP security scanner should verify it does not silently execute the untrusted commands it is supposed to evaluate — the same attack surface the tool is meant to protect against.
A static scanner across 19 top GitHub MCP servers produced 862 findings — nearly all false positives — while the most dangerous real-world MCP exploits of 2026 came from categories static analysis can't touch.