{"uuid": "d44b0521-d3bc-4d0d-afe5-400eb2fc8902", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-59528", "type": "seen", "source": "https://bsky.app/profile/hakksaww.bsky.social/post/3ml2ly6ysgp25", "content": "Already on our IOC corpus before launch:\n\n@iflow-mcp/watercrawl-watercrawl-mcp v1.3.0-1.3.4 = GlassWorm (Aikido)\n20+ MCP-named repos serving SmartLoader (URLhaus)\nCVE-2025-59528: mcpServerConfig exploit\n\nThe ecosystem's been targeted, just not counted.", "creation_timestamp": "2026-05-04T21:19:28.502731Z"}