Threat Intelligence Report

First Malicious MCP in the Wild: The Postmark Backdoor That's Stealing Your Emails | Koi Blog

📅 September 28, 2025 📰 www.koi.security 🔍 0 CVE(s) referenced

The first-ever malicious MCP server, postmark-mcp, silently exfiltrated thousands of sensitive emails from hundreds of organizations by adding a single backdoor line—exposing the massive, unchecked risk of trusting unvetted tools with god-mode permissions in AI-driven workflows.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle