Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On September 25, 2025, the npm package postmark-mcp, an MCP (Model Context Protocol) server intended to let AI assistants send emails via Postmark, was reportedly modified to secretly exfiltrate email contents by adding a blind-copy (BCC) to an external domain. Current analysis suggests the behavior began around 1.0.16 and persisted in later versions.

As businesses strive to secure sensitive cardholder data and stay compliant with Payment Card Industry Data Security Standard (PCI DSS) v4.0.1, one of the most overlooked areas is developer training. The latest version of the PCI DSS places clear emphasis on ensuring developers are not only residually aware of security best practices, but are actively trained to build secure software and detect vulnerabilities. This is where Snyk Learn comes in.

We’re thrilled to share that Snyk has, for the sixth time and fifth consecutive year, been named to the Forbes Cloud 100 ranked at, recognizing the world’s most innovative private cloud companies. This year’s recognition is especially meaningful, reflecting the bold step we took in May to launch the AI Trust Platform, reorienting Snyk around a single mission — securing the future of AI-native software development.

Company overview: Labelbox is the leading data factory for delivering high-quality, frontier data to top AI labs and enterprise AI teams.

As AI transforms software development, AppSec teams face new complexities. For instance, the lack of visibility into where AI is being used and the reality that AI-generated code is often highly vulnerable make it nearly impossible to prioritize remediation and effectively scale security programs. To succeed, AppSec teams have to evolve from task managers to strategic governance enforcers.

This is an ongoing incident and updates will be provided as more information is confirmed.

Security issues in software development often stem not from developers’ lack of concern but from a fundamental disconnect between development and security teams. Each wants to do their job well, but their goals and expectations frequently conflict. This misalignment costs organizations in heightened security risks and tangible operational setbacks. Security issues identified too late in the cycle delay releases and increase project costs.