A malicious version of the npm package postmark-mcp, masquerading as a tool to enable AI agents to send email via Postmark, has been uncovered siphoning off every message it processes. The compromised ...