Psa: Declare an Incident If Someone on Your Team Installed the Postmark-Mcp
Posted3 months agoActive3 months ago
twitter.comTechstory
supportivenegative
Debate
20/100
SecurityDependency ManagementIncident Response
Key topics
Security
Dependency Management
Incident Response
A developer warns teams to declare an incident if a team member installed the malicious 'postmark-MCP' package, highlighting the importance of monitoring dependencies and responding to potential security threats.
Snapshot generated from the HN discussion
Discussion Activity
Light discussionFirst comment
28m
Peak period
2
5-6h
Avg / period
1.3
Key moments
- 01Story posted
Sep 27, 2025 at 10:18 AM EDT
3 months ago
Step 01 - 02First comment
Sep 27, 2025 at 10:46 AM EDT
28m after posting
Step 02 - 03Peak activity
2 comments in 5-6h
Hottest window of the conversation
Step 03 - 04Latest activity
Sep 28, 2025 at 2:12 AM EDT
3 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 45395925Type: storyLast synced: 11/20/2025, 5:28:51 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
We have seen thes so many times, and still do not want to do _anything_ against this attack vector. So sad to look at.
> All your emails had a secret BCC added to them since version 16.
https://www.koi.security/blog/postmark-mcp-npm-malicious-bac...