Malicious MCP Server Found Quietly Stealing Emails

A popular MCP server in the NPM repository that was being downloaded 1,500 times a week suddenly began quietly copying emails and sending them to a C2 server after the developer inserted a line of code. Koi Security researchers said the incident highlights the security threats organizations are letting in through their blind trust of AI tools.

The post Malicious MCP Server Found Quietly Stealing Emails appeared first on Security Boulevard.