{"id":7285,"date":"2025-09-29T21:33:40","date_gmt":"2025-09-29T21:33:40","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/09\/29\/malicious-mcp-server-exfiltrates-secrets-bcc\/"},"modified":"2025-09-29T21:33:40","modified_gmt":"2025-09-29T21:33:40","slug":"malicious-mcp-server-exfiltrates-secrets-bcc","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/09\/29\/malicious-mcp-server-exfiltrates-secrets-bcc\/","title":{"rendered":"Sneaky, Malicious MCP Server Exfiltrates Secrets via BCC"},"content":{"rendered":"<p>    Sneaky, Malicious MCP Server Exfiltrates Secrets via BCC<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>The first known malicious MCP server is an AI integration tool that automatically sends email such as those related to password resets, account confirmations, security alerts, invoices, and receipts to threat actors.<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Jai Vijayan, Contributing Writer<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/www.darkreading.com\/application-security\/malicious-mcp-server-exfiltrates-secrets-bcc\">Go to gbhackers.com<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Sneaky, Malicious MCP Server Exfiltrates Secrets via BCC The first known malicious MCP server is an AI integration tool that automatically sends email such as those related to password resets, account confirmations, security alerts, invoices, and receipts to threat actors. Jai Vijayan, Contributing Writer Go to gbhackers.com<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[260],"tags":[261],"class_list":["post-7285","post","type-post","status-publish","format-standard","hentry","category-darkreading","tag-darkreading"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/7285"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=7285"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/7285\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=7285"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=7285"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=7285"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}