New CVEs (4):
- CVE-2025-59536: Claude Code RCE via enableAllProjectMcpServers config (fixed 1.0.111)
- CVE-2026-21852: Claude Code API key theft via ANTHROPIC_BASE_URL redirect (fixed 2.0.65)
- CVE-2026-26029: sf-mcp-server command injection via child_process.exec
- CVE-2026-27203: eBay API MCP Server env variable injection

New attack technique:
- T011: Project Configuration Hijacking (.claude/settings.json / .mcp.json as attack surface)

New defensive resources:
- GuardFive AI Agent Security Scanner
- Palo Alto AI Runtime Security MCP Threat Detection

New sources (7): Check Point Research, The Hacker News, Trend Micro, 1Password, Red Hat, NVD x2

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>