A malicious MCP server, identified as postmark-mcp, has been discovered exfiltrating sensitive emails by embedding a hidden BCC line in its code. This server, initially downloaded 1,500 times weekly, compromised around 300 organizations, resulting in significant email theft. The incident highlights vulnerabilities within the MCP ecosystem, where developers grant unchecked permissions to AI tools without adequate scrutiny. As malicious actors exploit these weaknesses, it raises urgent questions about software verification and security protocols in the tech community. This situation underlines the necessity for heightened vigilance and rigorous security measures to safeguard critical systems from similar threats in the future.