
However, removing the package does not remove it from the machines that already run it. Although it is unclear how many developers actually downloaded the version, every one of the “average 1500 weekly” downloads is compromised, a factor that probably motivated the attacker's swift withdrawal of the package.
To reduce the damage, Koi recommends immediately removing postmark-mcp (version 1.0.16), rotating any credentials that may have been leaked via email, and thoroughly auditing all MCPs in use.
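One way to carry out the first of those steps across many projects is to check lockfile data for the flagged version. This is an added example, not code from Koi or from the original article; it assumes the package was installed through npm and is recorded in a `package-lock.json`, and the sample lockfile and function names are constructed for illustration.

```javascript
// Added example: flag the package version named in the article inside npm lockfile data.
// Assumption: installs are tracked by package-lock.json (v1 nested "dependencies"
// tree, or v2/v3 flat "packages" map keyed by install path).
const FLAGGED = { name: "postmark-mcp", version: "1.0.16" }; // only version the article names

// Lockfile v2/v3: keys look like "node_modules/a/node_modules/b".
// An aliased install carries the real package name in meta.name.
function scanPackagesMap(packages, hits) {
  for (const [path, meta] of Object.entries(packages || {})) {
    const name = meta.name || path.split("node_modules/").pop();
    if (name === FLAGGED.name && meta.version === FLAGGED.version) {
      hits.push({ path, version: meta.version });
    }
  }
}

// Lockfile v1: nested "dependencies" objects keyed by package name.
function scanDependencyTree(deps, prefix, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (name === FLAGGED.name && meta.version === FLAGGED.version) {
      hits.push({ path, version: meta.version });
    }
    scanDependencyTree(meta.dependencies, `${path}/`, hits); // transitive installs
  }
}

// Takes a parsed package-lock.json object and returns every flagged install path.
function findFlaggedInstalls(lock) {
  const hits = [];
  if (lock.packages) scanPackagesMap(lock.packages, hits);
  else scanDependencyTree(lock.dependencies, "", hits);
  return hits;
}

// Constructed sample lockfile (not real project data).
const sampleLock = {
  name: "assistant-tools", lockfileVersion: 3,
  packages: {
    "": { name: "assistant-tools", version: "0.1.0" },
    "node_modules/postmark-mcp": { version: "1.0.16" },
    "node_modules/mail-helper/node_modules/postmark-mcp": { version: "1.0.15" },
    "node_modules/pm": { name: "postmark-mcp", version: "1.0.16" }, // aliased install
  },
};

for (const hit of findFlaggedInstalls(sampleLock)) {
  console.log(`flagged: ${FLAGGED.name}@${hit.version} at ${hit.path}`);
}
```

A hit means the flagged version is recorded in that project's dependency tree; uninstalling it does not undo any mail already copied out, so the credential rotation step still applies.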
“These MCP servers run with the same privileges as the AI assistants themselves (complete email access, database connections, API permissions), yet they do not appear in any asset inventory, skip vendor risk assessments, and bypass every security control from DLP to email gateways,” said Dardikman. “By the time someone finds out that his AI assistant has been quietly BCCing emails to an external server for months, the damage is already frightening.”
Security practitioners have been suspicious of MCP since its introduction by Claude’s creator, Anthropic. Over time, the protocol has hit several bumps, with vendors such as Anthropic and Asana reporting important flaws in their MCP implementations.

