Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web ...
It appears, however, that the developer took the legitimate code from the Postmark MCP server's GitHub repository, added the ...
A npm package copying the official 'postmark-mcp' project on GitHub turned bad with the latest update that added a single ...
A malicious npm package named Fezbox has been found using an unusual technique to conceal harmful code. The package employs a ...
In the light of recent supply chain attacks targeting the NPM ecosystem, GitHub will implement tighter authentication and ...
Following a number of recent high-profile attacks and hacking attempts, GitHub has decided to make substantial changes to the ...
In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the ...
In a newly disclosed supply-chain attack, an npm package “postmark-mcp” was weaponized to stealthily exfiltrate emails, ...
The security researchers who discovered the malicious npm package called it the “first malicious MCP in the wild” ...
PyPI, the default platform for Python's package management tools, is warning users of a fresh phishing campaign.
Security researchers have spotted what they think is the world's first malicious model context protocol (MCP) server, made ...
A popular MCP server in the NPM repository that was being downloaded 1,500 times a week suddenly began quietly copying emails and sending them to a C2 server after the developer inserted a line of ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback