According to Koi Security, a legitimate-looking developer managed to slip rogue code into an npm package called " ...
A malicious version of the npm package postmark-mcp, masquerading as a tool to enable AI agents to send email via Postmark, has been uncovered siphoning off every message it processes. The compromised ...