Postmark

A npm package copying the official ‘postmark-mcp’ project on GitHub turned bad with the latest update that added a single line of code to exfiltrate all its users’ email communication. Published by a legitimate-looking developer, the malicious package was a perfect replica of the authentic one in terms of code and description, appearing as an official port […]