#npm-malware

[ follow ]
Information security
fromTheregister
3 days ago

Fake Postmark MCP npm package stole emails with one-liner

A malicious npm package impersonating Postmark's MCP secretly BCC'd outgoing emails to an attacker, likely exfiltrating thousands of sensitive messages daily.
Information security
fromThe Hacker News
3 days ago

First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package

Malicious npm package 'postmark-mcp' added a BCC that forwarded every email to phan@giftshop[.]club, exposing thousands of emails and supply-chain risk.
Information security
fromIT Pro
6 days ago

A malicious MCP server is silently stealing user emails

A malicious MCP server repackaged as Postmark on npm exfiltrated thousands of emails by adding a BCC line, exploiting full assistant privileges and bypassing security controls.
Information security
fromThe Hacker News
3 weeks ago

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

Four npm packages impersonating Flashbots exfiltrate Ethereum private keys and mnemonic seeds to a Telegram bot and redirect unsigned transactions to attacker-controlled wallets.
[ Load more ]