Discover the best products, open-source tools & builder insights
Explore handpicked SaaS products, GitHub projects, tech blogs, free resources, and founder tools — curated for builders.
Trending Leaderboard
Top products and open-source projects gaining attention this week.
- 1
Easy Site ControlBuild your frontend while we handle everything backend - from databases and authentication to file storage, real-time features, and deployment. Complete infrastructure, zero DevOps.43700 - 2
TechLogHubDiscover, launch, and track the next generation of tech products and open-source innovation.35900 - 4HubSpotAll-in-one AI‑powered customer platform that unites marketing, sales, service and CRM to grow businesses faster.8800
Open Source Projects
Discover trending GitHub repositories.
Latest from the Blog
Insights, guides and stories for builders.
Ukrainian national pleads guilty to role in Conti ransomware operation
A Ukrainian national extradited from Ireland to the United States pleaded guilty to conspiracy to commit wire fraud in connection with the Conti ransomware operation, admitting to joining the group in September 2021 and possessing data stolen from eight U.S. victims and four overseas victims. He helped code a loader used in attacks and faces up to 20 years in prison. Conti, linked to TrickBot, targeted more than 1,000 victims and collected over $150 million in ransom before disbanding in 2022.
Over 400 Arch Linux packages compromised to push rootkit, infostealer
More than 400 Arch User Repository (AUR) packages were compromised by a threat actor who spoofed a trusted maintainer to push infected updates. The attackers inserted preinstall scripts that download a malicious npm package, atomic-lockfile, whose Linux ELF payload functions as a credential stealer and includes an optional eBPF rootkit to hide activity. The malware targets sensitive data such as GitHub credentials, SSH artifacts, Vault tokens, browser cookies, and data from Slack, Discord, Microsoft Teams, and Telegram, with exfiltration capabilities. Investigations by IFIN and Sonatype detail the campaign, including hijacking orphaned packages and modifying PKGBUILD files to invoke npm during installation. Arch maintainers are removing malicious commits, advising users to audit affected packages, rotate credentials, and consider reinstalling Arch if compromised; a detection script is also recommended.
Early Warning Signs of Supply-Chain Attacks Live in the Dark Web
Early warning signs of software supply-chain attacks are already appearing in dark-web forums and marketplaces, often not labeled as such but involving GitHub access, private repositories, source code, API keys, OAuth tokens, cloud credentials, and CI/CD data. The article emphasizes that the risk lies in where access sits within trusted relationships across vendors and developers, not in a single incident, and it cites cases like the April 2026 Vercel breach and discussions around TeamPCP, Mistral AI, Sportradar, and the Shai-Hulud npm attack to show how leaked credentials and development tooling can enable broader compromises. For defenders, it recommends broader monitoring that includes exposed developer credentials, SaaS access, environment variables, package registry tokens, and CI/CD secrets, in addition to vulnerability alerts, and highlights Flare’s free underground monitoring as a way to detect threats early.
Microsoft Fixes Windows Update Failures Linked to WUSA Installer
Microsoft has fixed a WUSA update failure that affected updates released since May 2025 when installed from network shares. The issue impacted Windows 11 24H2/25H2 and Windows Server 2025 on enterprise networks, but not local or single .msu installations. The fix is included in the June 2026 Patch Tuesday cumulative updates for Windows 11 (KB5079391) and Windows Server 2025 (KB5094125). Workarounds if you were affected: save the .msu files locally and install from there, and after a restart, wait at least 15 minutes before checking Update History.
Free Developer Tools
65+ browser-based tools that work instantly with no signup
JSON Formatter
Format, validate, and beautify JSON with syntax highlighting
cURL → Fetch
Convert cURL commands to JavaScript fetch() calls instantly
JSON → TypeScript
Convert JSON to TypeScript interface and type definitions
Base64 Encoder / Decoder
Encode plain text to Base64 or decode Base64 back to text
Slug Generator
Generate URL-friendly slugs from any text
llms.txt Generator
Generate llms.txt files for LLM crawler guidance
Join 10,000+ builders
Get weekly updates on new products, open-source projects and the best builder resources.