CSO Online

Trust in MCP takes first in-the-wild hit via squatted Postmark connector

In a newly disclosed supply-chain attack, an npm package “postmark-mcp” was weaponized to stealthily exfiltrate emails, ...

Watch out - hackers are using AI to make phishing emails even more convincing

We’ve all heard of Gen AI being used to craft bodies of convincing phishing emails, however Microsoft researchers have now ...
Arabian Post on MSN

MCP Package Hijack Funnels Sensitive Emails to Attacker

A malicious version of the npm package postmark-mcp, masquerading as a tool to enable AI agents to send email via Postmark, has been uncovered siphoning off every message it processes. The compromised ...