Malicious MCP Server on npm postmark-mcp Harvests Emails
Source
SnykMalicious MCP Server on npm postmark-mcp Harvests Emailssnyk.ioYou might also wanna read

September 2025 NPM supply-chain attack compromises popular JavaScript packages
In September 2025, a coordinated software supply-chain attack targeted multiple popular NPM packages in the JavaScript ecosystem. The attack
Popular npm packages debug and chalk compromised with crypto-intercepting malware
Starting September 8th, 2023, the popular npm packages "debug" and "chalk" were compromised with malicious code. These packages, which colle
aikido.dev·10mo ago317 npm Packages Compromised in Mini Shai-Hulud Supply Chain Attack
A major npm supply chain attack occurred on May 19, 2026, when the npm account of maintainer "atool" was compromised. The attacker published
Microsoft uncovers npm supply chain attack stealing cloud and CI/CD credentials via typosquatted packages
Microsoft identified an active supply chain attack (Mini Shai-Hulud campaign) targeting the npm package ecosystem. On May 28, 2026, a threat
Major NPM Supply Chain Attack: @ctrl/tinycolor and 40+ Packages Compromised with Self-Propagating Malware
A sophisticated supply chain attack has compromised the popular @ctrl/tinycolor NPM package (with over 2 million weekly downloads) along wit
Security Alert: Malicious Nx Packages Published to npm Containing Credential-Stealing Code
Malicious versions of the Nx package and several supporting plugins were published to npm, containing code that scans file systems, collects

Comments
Sign in to join the conversation.
No comments yet. Be the first.