Security Boulevard

No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours

Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21–23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD ...

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...
AutoGuide

The Best Socket Organizers Keep Your Tools Where You Need Them

Tired of opening your toolbox to a pile of sockets, with different sizes, drives, and types all in one disorganized pile? Sick of spending hours looking for the right socket only to find that you didn ...
The Georgia Straight

Top 5 Best Socket Organizers in 2026

For individuals who frequently use sockets, whether they are a professionally certified mechanic or a DIY hobbyist, socket organizers are deemed crucial. These organizatory tools keep your sockets in ...

Etherpad 2.7.0: Collaborative web editor without cloud dependency

Etherpad is a self-hostable web editor written in Node.js for real-time collaborative writing – functionally comparable to ...
Bleeping Computer

Latest Node.js news

Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. These 3,000+ packages make it ...