Security News Unofficial Postmark MCP npm silently stole users' emails BleepingComputer Daniel Bender Sep 25, 2025 A npm package copying the official 'postmark-mcp' project on GitHub turned bad with the latest update that added a single line of code to exfiltrate all its users' email communication.
