Mastodawn

⚠️ CVE-2026-26996: HIGH severity ReDoS in isaacs minimatch (<10.2.1). User-controlled glob patterns can cause exponential backtracking & DoS. Upgrade to 10.2.1+ & validate input! Info: https://radar.offseq.com/threat/cve-2026-26996-cwe-1333-inefficient-regular-expres-e16ebdd4 #OffSeq #ReDoS #NodeSecurity

Manuel Bissey Sep 2, 2025

Malicious npm package targets Node.js apps via SMTP abuse—developers must audit dependencies and monitor for covert exfiltration. 📦📤 #SupplyChainRisk #NodeSecurity

https://thehackernews.com/2025/09/malicious-npm-package-nodejs-smtp.html

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Malicious npm package nodejs-smtp, downloaded 347 times since April 2025, hijacks Atomic and Exodus wallets.

The Hacker News