On September 27, 2025, Redazione RHC reported a significant cybersecurity breach involving the postmark-mcp package, widely used by developers for automating routine tasks. This package, downloaded over 1,500 times weekly, contained a hidden line of code that secretly forwarded emails to an external server, endangering sensitive company correspondence, passwords, and internal documents. Identified by Koi Security through abnormal packet behavior, the breach showcased how MCP servers can facilitate supply chain attacks. Users unknowingly granted “god-mode” access to their AI assistants, which operate without rigorous security checks. The developer’s public GitHub profile misled users about the tool’s reliability. Recommendations include uninstalling versions 1.0.16 or later, changing credentials, and analyzing email logs for any signs of forwarding to the suspicious domain giftshop.club. This incident underscores the urgent need for enhanced security measures around MCP tools, which are increasingly vulnerable to exploitation.
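A defender-side check for the recommendations above, as an added example that is not from the original report or from Koi Security: it flags postmark-mcp 1.0.16 or later in an npm lockfile and returns log lines that mention an address at giftshop.club. The lockfile layout (lockfileVersion 2 or 3) and the log line format are assumptions, and the sample inputs are constructed.

```python
import json
import re

PACKAGE = "postmark-mcp"   # package named in the report
FIRST_BAD = (1, 0, 16)     # "versions 1.0.16 or later", per the report
DOMAIN = "giftshop.club"   # forwarding domain named in the report
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

def parse_version(text):
    """Turn '1.0.16' or '1.0.16-beta.1' into a comparable tuple of ints."""
    core = re.split(r"[-+]", text, maxsplit=1)[0]
    return tuple(int(part) for part in core.split("."))

def affected_installs(lock_text):
    """Return (path, version) for each affected copy in a package-lock.json.
    Assumes lockfileVersion 2 or 3, which lists installs under "packages"."""
    hits = []
    for path, meta in json.loads(lock_text).get("packages", {}).items():
        if path.split("node_modules/")[-1] != PACKAGE:
            continue  # different package, or a scoped name that only ends alike
        version = meta.get("version", "")
        if version and parse_version(version) >= FIRST_BAD:
            hits.append((path, version))
    return hits

def forwarded_lines(log_lines, domain=DOMAIN):
    """Return log lines carrying an address at the domain or a subdomain."""
    hits = []
    for line in log_lines:
        hosts = [h.lower().rstrip(".") for h in ADDR_RE.findall(line)]
        if any(h == domain or h.endswith("." + domain) for h in hosts):
            hits.append(line)
    return hits

# Constructed sample inputs (not taken from the incident; addresses are made up).
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "demo"},
    "node_modules/postmark-mcp": {"version": "1.0.17"},
    "node_modules/postmark": {"version": "4.0.2"},
}})
SAMPLE_LOG = [
    "2025-09-20T10:01:02Z sent to=alice@example.com bcc=- subject=Invoice",
    "2025-09-20T10:05:40Z sent to=bob@example.com bcc=user@giftshop.club subject=Reset",
    "2025-09-20T10:09:11Z sent to=carol@notgiftshop.club bcc=- subject=Hi",
]

if __name__ == "__main__":
    print(affected_installs(SAMPLE_LOCK))
    print(forwarded_lines(SAMPLE_LOG))
```

The domain match is exact or by subdomain, so look-alike hosts such as `notgiftshop.club` are not reported.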
Source: One Line of Code: How Supply Chain Vulnerabilities Led to Widespread Hacking of Thousands of Companies
