We scanned 763 MCP servers – 31% have exploitable schema vulnerabilities

https://munio.dev/blog/mcp-server-security-scan-763/
1•munio•1h ago

Comments

munio•1h ago
We ran munio (open source scanner) against 763 MCP servers from awesome-mcp-servers and npm. The methodology and scanner are public — pip install munio and you can reproduce the scan yourself.

The most surprising finding was that composition risk (safe tools chaining into dangerous flows) outweighs individual vulnerabilities. 7,425 toxic data flows vs 312 command injections.

Happy to answer questions about the methodology or specific finding categories.

alex1sa•1h ago
31% is alarming but not surprising. MCP adoption is moving faster than security practices around it. The pattern is familiar — same thing happened with early REST APIs, GraphQL endpoints, and now MCP. The tooling for scanning and hardening always lags adoption by 12-18 months. What types of schema vulnerabilities are most common — injection through tool descriptions, or something more structural?
