Unofficial Postmark MCP npm silently stole users' emails

A npm package copying the official 'postmark-mcp' project on GitHub turned bad with the latest update that added a single line of code to exfiltrate all its users' email communication.
Infosecurity Magazine

Malicious AI Agent Server Reportedly Steals Emails

The security researchers who discovered the malicious npm package called it the “first malicious MCP in the wild” ...
CSO Online

AI-powered phishing scams now use fake captcha pages to evade detection

Attackers are exploiting low-code AI platforms such as Vercel, Netlify, and Lovable to rapidly build phishing sites that look ...

'A CRM for cybercriminals' - SpamGPT makes cybercriminals' wildest dreams come true with business-grade marketing tools and features

SpamGPT mimics professional marketing platforms, enabling criminals to automate phishing, ransomware, and spam campaigns with ...