Information security
fromTheregister
3 weeks agoFake Postmark MCP npm package stole emails with one-liner
A malicious npm package impersonating Postmark's MCP secretly BCC'd outgoing emails to an attacker, likely exfiltrating thousands of sensitive messages daily.