One line of malicious npm code led to massive Postmark email heist

MCP plus open source plus typosquatting equals trouble

A fake npm package posing as Postmark's MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding a single line of code that secretly copied outgoing messages to an attacker-controlled address....