Techly NewsGet the app

Get the latest tech news

A Postmark backdoor that’s downloading emails


w MCP servers, right? Those handy tools that let your AI assistant send emails, run database queries, basically handle all the tedious stuff we don't want to do manually anymore. Well, here's the thing not enough people talk about: we're giving these tools god-mode permissions.

Those handy tools that let your AI assistant send emails, run database queries, basically handle all the tedious stuff we don't want to do manually anymore. Phase 3: Profit Sit back and watch emails containing passwords, API keys, financial data, and customer information flow into giftshop.club. It acts as a checkpoint between your developers and the wild west of npm, MCP servers, and browser extensions - blocking known threats, flagging suspicious updates, and requiring approval for packages that touch sensitive operations like email or database access.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of emails

emails

Photo of wild

wild

Photo of mcp

mcp

Related news:

News photo

Unofficial Postmark MCP npm silently stole users' emails

News photo

AI safety tool sparks student backlash after flagging art as porn, deleting emails

News photo

I built a CLI to test and eval MCP servers

« Harrods Warns Customers of Data Theft in Latest IT Breach
Slime mold meets encryption in a radical art experiment | SlimeMoldCrypt turns a biological process into a quantum-resistant encryption machine »