# AppSec Newsletter 0042

### Novo video no canal!

A essa altura do campeonato você já deve ter ouvido sobre MCP. Bem, vamos entender um pouco mais do que é o protocolo e criar o nosso primeiro:

%[https://www.youtube.com/watch?v=hT72pLOLRaQ] 

### Links

* [🏆 Lakera Gandalf - Prompt Injection Online CTF | lakera.ai](https://gandalf.lakera.ai/baseline)
    
* [Remote Code Execution vs. Remote Command Execution vs. Code Injection vs. Command Injection vs. RCE | hakluke.com](https://hakluke.com/remote-code-execution-vs-remote-command-execution-vs-code-injection-vs-command-injection-vs-rce)
    
* [Deceiving users with ANSI terminal codes in MCP | trailofbits.com](https://blog.trailofbits.com/2025/04/29/deceiving-users-with-ansi-terminal-codes-in-mcp/?utm_content=331479208&utm_medium=social&utm_source=linkedin&hss_channel=lcp-912286)
    
* [How MCP servers can steal your conversation history | trailofbits.com](https://blog.trailofbits.com/2025/04/23/how-mcp-servers-can-steal-your-conversation-history/?utm_content=331126531&utm_medium=social&utm_source=linkedin&hss_channel=lcp-912286)
    
* [Awesome MCP Security | puliczek](https://github.com/Puliczek/awesome-mcp-security?tab=readme-ov-file)
    
* [The MCP Authorization Spec Is... a Mess for Enterprise | christianposta.com](https://blog.christianposta.com/the-updated-mcp-oauth-spec-is-a-mess/)
    
* [The Rise of Slopsquatting: How AI Hallucinations Are Fueling a New Class of Supply Chain Attacks | socket.dev](https://socket.dev/blog/slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks)
    
* [Securing the Model Context Protocol | block.github.io](https://block.github.io/goose/blog/2025/03/31/securing-mcp/)
    

### **Siga o Guia de AppSec nas redes!**

* Youtube: [**youtube.com/@GuiadeAppSec**](http://youtube.com/@GuiadeAppSec)
    
* Twitter / X: [**twitter.com/guiadeappsec**](http://twitter.com/guiadeappsec)
    
* Site: [**guiadeappsec.com.br**](http://guiadeappsec.com.br/)
