MCP credential weakness raises red flags
More than half of Model Context Protocol servers were found to rely on static, long-lived credentials. With AI agents on the rise, that’s a problem.
Read More about MCP credential weakness raises red flagsJohn P. Mello Jr.
Freelance technology writer. John's work has appeared in the The Boston Globe and Boston Herald, as well as CFO, CIO, CSO, and Inc. magazines. He is a former managing editor of the Boston Business Journal and Boston Phoenix, as well as a staff writer for Government Security News.
Posts from John P. Mello Jr.
MCP credential weakness raises red flags
5 vibe coding security lessons
Vibe-coded apps that make it to production can be a minefield for security teams. Here are key takeaways for your AppSec team.
Read More about 5 vibe coding security lessons
ASM and the attack surface: 10 key risk factors
Attack surface management (ASM) isn’t just another buzzword. It represents a fundamental shift in security strategy with risk on the rise.
Read More about ASM and the attack surface: 10 key risk factors
The Postmark MCP server attack: 5 key takeaways
A malicious Model Context Protocol package was found in the wild last week. Here are lessons from the compromise of the AI interface tool.
Read More about The Postmark MCP server attack: 5 key takeaways
Deadlines vs. secure code: How AppSec can cope
AI coding and other modern development practices mean flawed code will continue to ship. Here are key recommendations for managing software risk.
Read More about Deadlines vs. secure code: How AppSec can cope
How AI coding can learn to do secure software
If you train ML models, they can learn to write more secure code. But the quality of the training data is only as good as your AppSec tooling.
Read More about How AI coding can learn to do secure software
CISA tool aims to boost security for software onboarding
The new procurement tool seeks to strengthen third-party software risk management (TPSRM). But the process is manual and cumbersome.
Read More about CISA tool aims to boost security for software onboardingCISA tool aims to boost security for software onboarding
The new procurement tool seeks to strengthen third-party software risk management (TPSRM). But the process is manual and cumbersome.
Read More about CISA tool aims to boost security for software onboarding
The future is here: AI-assists new ransomware
ESET researchers have discovered malware that taps into OpenAI’s large language model to assist in ransomware attacks.
Read More about The future is here: AI-assists new ransomware