The Register: One line of malicious npm code led to massive Postmark email heist

Sep 29, 2025

—

Source URL: https://www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/
Source: The Register
Title: One line of malicious npm code led to massive Postmark email heist

Feedly Summary: MCP plus open source plus typosquatting … what could possibly go wrong?
A fake npm package posing as Postmark’s MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding a single line of code that secretly copied outgoing messages to an attacker-controlled address.…

AI Summary and Description: Yes

Summary: The text discusses a security incident involving a malicious npm package impersonating Postmark’s MCP, which aimed to exfiltrate sensitive email data. This incident highlights vulnerabilities in software supply chains, particularly the risks associated with typosquatting, which can have severe implications for information security and software integrity.

Detailed Description: The text focuses on a significant security vulnerability related to software supply chains, particularly in the context of open-source software and the npm ecosystem. This incident serves as a critical reminder of the dangers of typosquatting—where attackers create fake packages to exploit users who inadvertently download them.

– A malicious npm package masqueraded as Postmark’s Model Context Protocol (MCP) server.
– The package incorporated a line of code that captured outgoing emails and redirected them to the attacker’s server.
– This type of attack can result in significant data breaches and loss of sensitive information.
– The incident underscores the importance of verifying software packages and the potential risks associated with open-source software, especially in the cloud and infrastructure domains.
– Software supply chain security remains a pressing concern, necessitating proactive measures to mitigate risks such as dependency vulnerabilities.

The implications of this incident are profound for security and compliance professionals, emphasizing the necessity for robust security practices that include:

– Regular audits of third-party dependencies.
– Implementing package verification mechanisms.
– Educating developers on the risks of typosquatting and the importance of scrutinizing package sources.

Professionals should enhance their security posture by adopting practices that ensure the integrity of software components and protect against similar threats in future deployments.

2 2025 5 a Act age age verification AI All and art as at ated attack attacker attackers audit Audits Bi breach breaches by C CERN chain CI CIA Cloud co code Col compliance compliance professionals Context control core critical D data data breach Data breaches day de dependencies dependency deployment deployments developer developers domain domains e ecosystem email end exp exploit for future g GIS Go H high Highlight HR http HTTPS implications in incident information information security infrastructure integrity io J jack k l led Li line load M mass mcp measures Mila Mode model model context protocol N npm npm ecosystem o of on one ons open open-source open-source software opt oS oss out party party dependencies per post potential potential risks practices pre pro proactive proactive measures professionals protocol ps Q R rate RCE re red Risk risks Ro robust security robust security practices RoT s sec security security and compliance security incident security posture security practices security vulnerability sensitive information server Sig Sim single SoC software software components software integrity software packages software supply chain software supply chain security software supply chains source source software SSE SSO supply supply chain supply chain security supply chains system T ted text the third third-party threat threats to TP type typosquatting UN under up US use user Users V verification verification mechanisms vulnerabilities vulnerability Ware Wi x z