
Six MCP Security Incidents Every Security Leader Should Know | UpGuard

ID: b20ac16e-13d5-529e-a472-b2f4d52df62b

STIX ID: report--b20ac16e-13d5-529e-a472-b2f4d52df62b

Feed Name: UpGuard Blog

Threat Score: 88/100

Date Published: 2026-05-15

Date Updated: 2026-05-25


This report catalogs six real-world incidents (February–September 2025) that exploited the Model Context Protocol (MCP) ecosystem. They include registry poisoning that distributed an infostealer, an OAuth-based RCE (CVE-2025-6514) in a widely used proxy, prompt injection through GitHub issues and support tickets that caused private repo and database exfiltration, a malicious npm package that silently BCC'd outgoing emails, and a destructive prompt that wiped local and cloud resources. Together they demonstrate systemic visibility gaps, supply-chain risk, and the need for MCP-specific monitoring and privilege scoping.
