Unofficial Postmark MCP npm silently stole users' emails
A npm package copying the official 'postmark-mcp' project on GitHub turned bad with the latest update that added a single line of code to exfiltrate all its users' email communication. [...]
https://www.bleepingcomputer.com/news/security/unofficial-postmark-mcp-npm-silently-stole-users-emails/Posted from: this blog via Microsoft Power Automate.
Comments
Post a Comment