The Hacker News

SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer

SmartLoader campaign spreading StealC via a trojanized Oura MCP server using fake GitHub forks to steal credentials and ...
heise online

Attack via GitHub MCP server: Access to private data

A blog post by AI security company Invariant Labs shows that the official GitHub MCP server (Model Context Protocol) can invite prompt injection attacks. In a proof of concept, an attacker used a ...
InfoQ

GitHub Announces Public Preview of GitHub MCP Server

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
TechRadar

Anthropic's official Git MCP server had some worrying security flaws - this is what happened next

Anthropic patched Git MCP flaws enabling remote code execution via tool chaining Cyata discovered CVEs; fixed in version 2025.12.18, no exploitation reported yet Claude previously manipulated in cyber ...
Hosted on MSN

Some worrying security flaws were found in Anthropic's official Git MCP

Anthropic patched Git MCP flaws enabling remote code execution via tool chaining Cyata discovered CVEs; fixed in version 2025.12.18, no exploitation reported yet Claude previously manipulated in cyber ...