The Hacker News

SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer

SmartLoader campaign spreading StealC via a trojanized Oura MCP server using fake GitHub forks to steal credentials and crypto funds.
heise online

Attack via GitHub MCP server: Access to private data

A blog post by AI security company Invariant Labs shows that the official GitHub MCP server (Model Context Protocol) can invite prompt injection attacks. In a proof of concept, an attacker used a ...
TechRadar

Anthropic's official Git MCP server had some worrying security flaws - this is what happened next

Anthropic patched Git MCP flaws enabling remote code execution via tool chaining Cyata discovered CVEs; fixed in version 2025.12.18, no exploitation reported yet Claude previously manipulated in cyber ...