Malicious MCP Server on npm postmark-mcp Harvests Emails

In September 2025, the npm package "postmark-mcp," designed for AI assistants to send emails via the Postmark service, was discovered to have been maliciously modified to exfiltrate email contents by blind-copying them to an external domain. This security breach, which likely started with version 1.0.16, highlights a significant supply chain security incident involving an MCP (Model Context Protocol) server. The backdoor was intended to harvest emails sent through the server, potentially compromising sensitive data like passwords, customer information, and internal communications. Users who installed the package from mid-September 2025 are advised to uninstall it, rotate credentials, review email logs, and block the associated domain to mitigate risks. The incident underscores the need for vigilance in monitoring and managing third-party packages, especially those with high trust and broad permissions in agent toolchains.