One line of malicious npm code led to massive Postmark email heist

Theregister | 30-09-2025 09:45am |

MCP plus open source plus typosquatting ... what could possibly go wrong? A fake npm package posing as Postmark's MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding a single line of code that secretly copied outgoing messages to an attacker-controlled address....

Zamfara Christian Network Hails Matawall... Politics,top,lifestyle
BPSR ranks NCC among top 3 MDAs Top,lifestyle
Budget crisis: NASS extends 2025 fiscal ... Top,business
AAAN to Champion Advertising Innovation ... Top
Indian police arrest Nigerian ‘student... Crime,top
Atiku accuses Tinubu of defying Supreme ... Domestic

One line of malicious npm code led to massive Postmark email heist

Stay Updated with the Latest News!