Information security
fromIT Pro
13 hours agoA malicious MCP server is silently stealing user emails
A malicious MCP server repackaged as Postmark on npm exfiltrated thousands of emails by adding a BCC line, exploiting full assistant privileges and bypassing security controls.