Information security
fromIT Pro
3 weeks agoA malicious MCP server is silently stealing user emails
A malicious MCP server repackaged as Postmark on npm exfiltrated thousands of emails by adding a BCC line, exploiting full assistant privileges and bypassing security controls.