MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
mcp
Search

MCP attack abuses predictable session IDs to hijack AI agents

Tuesday October 21, 2025. 09:36 PM , from TheRegister
The vuln affects the Oat++ MCP implementation
A security flaw in the Oat++ implementation of Anthropic's Model Context Protocol (MCP) allows attackers to predict or capture session IDs from active AI conversations, hijack MCP sessions, and inject malicious responses via the oatpp-mcp server.…
Read more at TheRegister
https://go.theregister.com/feed/www.theregister.com/2025/10/21/mcp_prompt_hijacking_attack/

Related News

mcp AI agents might smooth some of retail’s worst data problems ComputerWorldOct 21
ids Agents of chaos InfoWorldOct 17
session Chicago judge furious: "You can't drive a car through a crowd," orders bodycams on federal agents BoingBoingOct 16
hijack Chinese cyberspies snoop on Russian IT biz in rare east-on-east attack TheRegisterOct 16
oat Salesforce pumps the dream of AI agents as helpers, not replacements TheRegisterOct 15
implementation Are AI Agents Compromised By Design? SlashdotOct 15
predictable Frightful Patch Tuesday gives admins a scare with 175+ Microsoft CVEs, 3 under attack TheRegisterOct 15
agents A New Attack Lets Hackers Steal 2-Factor Authentication Codes From Android Phones Wired: Tech.Oct 14
abuses GenAI agents are changing language translation in the enterprise ComputerWorldOct 14
attack Comedian trolls ICE agents with animal costumes and protest songs BoingBoingOct 14
mcp British govt agents demand action after UK mega-cyberattacks surge 50% TheRegisterOct 14
ids Android 'Pixnapping' Attack Can Capture App Data Like 2FA Codes SlashdotOct 14
session Android 'Pixnapping' attack can capture app data like 2FA codes TheRegisterOct 13
hijack Java or Python for building agents? InfoWorldOct 13
oat GitHub Copilot Chat turns blabbermouth with crafty prompt injection attack TheRegisterOct 9
implementation Hobble your AI agents to prevent them from hurting you too badly TheRegisterOct 9
predictable Teens Arrested In London Preschool Ransomware Attack SlashdotOct 9
agents Teens arrested in London preschool ransomware attack TheRegisterOct 8
abuses Nearly a year after attack, US medical scanning biz gets clear image of stolen patient data TheRegisterOct 7
attack How to write nonfunctional requirements for AI agents InfoWorldOct 7
News copyright owned by their original publishers | Copyright © 2004 - 2025 Zicos / 440Network
Current Date
Oct, Wed 22 - 17:28 CEST