THREAT OPS › Threat News › Top MCP security resources — June 2026
Top MCP security resources — June 2026
<p>MCP went from a convenient way to plug tools into agents to one of the most exposed surfaces in the AI stack — and this month the measurements made that concrete. Censys counted 12,520 Internet-accessible MCP services, most of them unauthenticated, while a separate study found that roughly 40% of remote servers expose their tools with no authentication at all. The vulnerability side was just as
MITRE ATT&CK techniques
- VulnerabilitiesT1588.006
Indicators of compromise
- CVE-2025-54136cve
- https://arxiv.org/abs/2605.22333url
- https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/update-on-exposed-mcp-servers-the-threat-widens-to-the-cloudurl
- https://censys.com/blog/mcp-servers-on-the-internet/url
- https://www.theregister.com/security/2026/05/13/bug-hunter-tracks-down-three-serious-mcp-database-flaws-one-left-unpatched/5238916url
- https://www.truefoundry.com/blog/blog-mcp-tool-poisoning-gateway-defenseurl
- https://arxiv.org/abs/2605.24248url
- https://arxiv.org/abs/2605.11053url
- https://arxiv.org/abs/2605.21392url
- https://genai.owasp.org/2026/05/13/memory-is-a-feature-it-is-also-an-attack-surface/url
- https://www.nsa.gov/Portals/75/documents/Cybersecurity/CSI_MCP_SECURITY.pdfurl