Six MCP Security Incidents Every Security Leader Should Know | UpGuard
ID: 12a584e6-cc9b-5e98-af90-63c242d0d39a
STIX ID: report--12a584e6-cc9b-5e98-af90-63c242d0d39a
Feed Name: UpGuard Blog
**Executive summary:** This report describes six documented incidents targeting MCP (Model Context Protocol) deployments: supply-chain registry poisoning that delivered a trojanized MCP server (SmartLoader/StealC); a critical OAuth remote code execution (RCE) flaw in mcp-remote (CVE-2025-6514), a widely used adapter; multiple prompt-injection exfiltration cases driven by attacker-controlled content in GitHub issues and support tickets; a package that impersonated a legitimate MCP server and silently BCC'd emails; and a destructive prompt-injection against a VS Code extension. It highlights the systemic gaps these incidents share (implicit trust in agents, a lack of registry and network visibility, and an attack surface concentrated on developers) and advises visibility and permission controls for mid-market teams.
