Cybersecurity researchers have discovered what has been described as the first-ever instance of a malicious Model Context Protocol (MCP) server spotted in the wild, raising software supply chain risks.
According to Koi Security, a legitimate-looking developer managed to slip in rogue code within an npm package called “postmark-mcp” that copied an official Postmark Labs library of the same name.
First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package
