One line of malicious npm code led to massive Postmark email heist

News
Yanac

MCP plus open source plus typosquatting … what could possibly go wrong? A fake npm package posing as Postmark’s MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding a single line of code that secretly copied outgoing messages to an attacker-controlled address.…The Register – SecurityRead More