NewsMCP Breach Timeline Nine Confirmed Breaches Three CVEsAuthZed·high signalAuthZed documents nine confirmed MCP breaches in 2025 including CVE-2025-49596, CVE-2025-6514, CVE-2025-53967. Every major integration point breached.SourceSource pageAuthZed↳ Follow the threadShared entity / Stack layerCROSS-CATEGORY: Incumbents Reopen Themselves as 'Platforms of Agents' via MCP — Greenhouse's ATS MCP Goes Broad July 6Multiple SourcesShared entity / Threat patternBlueRock's MCP Trust Registry: 36.7% of 7,000+ scanned MCP servers are SSRF-exposed, 42% leak credentialsBlueRockShared entity / Update threadMicrosoft ships a 60+ server MCP catalog via Dataverse, positioning it as the agent data platformMicrosoft Power Platform BlogStack layer / Threat patternNSA issues official MCP hardening guidance after Amazon Q auto-execution CVEs (CVSS 8.5) enable AWS credential theftWizStack layer / Threat pattern'The MCP Governance Illusion' — Why Governing Tools Isn't EnoughCyera / Hacker NewsStack layer / Update threadTip: Register Additional Working Directories to Expose Every Repo Root to MCPClaude Code DocsPolicy dependency / Stack layerIAPS warns on Kimi Claw: security and governance risks of Chinese-hosted 'always-on' AI agentsIAPSStack layer / ContrastLazy schema loading: stop paying the MCP 'tools tax' by gating tool schemas until neededarXiv