Alerts
Events
DCR
Explore Cyware Products
Alerts
Events
DCR
Go to listing page
Unofficial Postmark MCP npm silently stole users' emails
Malware and Vulnerabilities
September 26, 2025
bleepingcomputer
A malicious npm package impersonating the legitimate 'postmark-mcp' project was discovered to be exfiltrating user emails. The package was a perfect replica of the authentic one for 15 versions, making it difficult to detect.
Read More
Postmark MCP
Npm
MCP server
Publisher
Previous
New LockBit 5.0 Targets Windows, Linux, ESXi
Threat Intel & Info Sharing
Next
Google Warns of BRICKSTORM Supply Chain Attacks
Malware and Vulnerabilities
/https://cyware-ent.s3.amazonaws.com/image_bank/4e4c_shutterstock_2624524953.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/shutterstock_50001601.jpg)
