Researchers at Tenet Security have disclosed Agentjacking, a new attack that turns AI coding assistants like Claude Code, Cursor, and Codex into tools for running an attacker's code on a developer's machine. The trick abuses Sentry, a widely used error-tracking service: anyone can submit a fake error event using a project's DSN, a public write-only key embedded in website code, and the AI agent, fetching that event through Sentry's MCP integration, cannot tell the malicious instructions from real diagnostics and runs them with the developer's privileges. No phishing, malware, or server breach is needed, and it bypasses traditional controls because every step is technically authorized. Tenet found 2,388 exposed organizations.
The critical Ivanti Sentry flaw covered yesterday is now under active attack, with researchers reporting compromised gateways within about 24 hours of the patch and public patch analysis. CVE-2026-10520, rated a perfect 10, is an OS command injection in an internal configuration API that accepts commands from anyone who can reach it over the internet, granting remote code execution as root with no login. A second flaw, CVE-2026-10523, lets attackers create their own admin accounts. With exploitation confirmed and detection tooling public, the time to patch has effectively run out for internet-exposed appliances. Ivanti released fixes earlier this week.
Ivanti has patched two critical flaws in Sentry, its mobile gateway appliance (formerly MobileIron Sentry) that sits in line between mobile devices and back-end systems like Exchange. The worst, CVE-2026-10520, rated a perfect 10, is an OS command injection in an internal configuration API that mistakenly accepts commands from anyone who can reach it over the internet, with no login, granting remote code execution as root. The second, CVE-2026-10523 (9.9), is an authentication bypass that lets attackers create their own admin accounts. No exploitation has been seen yet, but watchTowr has already published a patch analysis and a detection script, so the window is closing fast.