This article analyzes the vulnerabilities of the Model Context Protocol (MCP) used in coding copilot applications. It identifies critical attack vectors such as resource theft, conversation hijacking, and covert tool invocation, highlighting the need for stronger security measures. Three proof-of-concept examples illustrate these risks in action.

A new attack called TEE.fail compromises the security of Trusted Execution Environments (TEEs) from Nvidia, AMD, and Intel. It utilizes a simple hardware method that, once executed, renders these TEEs untrustworthy, even if the operating system kernel is compromised. This raises significant concerns about the security claims made by chipmakers regarding their TEEs.

The article discusses vulnerabilities found in industrial switches that could allow attackers to gain full control over critical systems. These flaws pose significant risks to operational technology environments, potentially leading to severe disruptions. Immediate action is recommended to mitigate these security threats.