Add your product or open-source project on TechLogHub
Listing is free. Sponsored featured placements are paid and priced in USD — open the pricing dialog to see plan details.
Products
Discover amazing products built by our community
Open Source ProjectsNEW
Curating the best open-source projects shaping the future
Latest from the Blog
Analysis, product insight, and practical reads for builders
Discord Rolls Out End-to-End Encryption for Voice and Video Calls
Discord now provides end-to-end encryption by default for all voice and video calls across platforms, covering DMs, group DMs, voice channels, and Go Live streams, with stage channels excluded. Built on the extended DAVE protocol after extensive testing, there is no opt-in required and no plans to encrypt text-based messages.
Microsoft testing adjustable taskbar, Start menu in Windows 11
Microsoft tests Windows 11 Insider Preview Build 26300.8493, bringing back a resizable taskbar that can be placed on any screen edge and use smaller icons, plus Start menu customization (toggle recommendations, adjust size, keep recently installed apps, and hide your name/profile). The release also introduces a faster, dark-mode Run dialog (with the Browse button removed) and signals broader UI tweaks, reduced notifications, simpler settings, and improved search to enhance overall performance.
Leaked Shai-Hulud malware fuels new npm infostealer campaign
Leaked Shai-Hulud malware is driving a new npm infostealer campaign, with four typosquatted packages (chalk-tempalte, @deadcode09284814/axios-util, axois-utils, color-style-utils) that exfiltrate credentials, secrets, and crypto wallet data; one also acts as a DDoS bot. Chalk-tempalte appears to be a Shai-Hulud clone deployed by a copycat actor (not TeamPCP). Stolen data is sent to a C2 server at 87e0bbc636999b.lhr.life. Researchers urge removing infected packages and rotating credentials/API keys; the four packages have about 2,678 downloads.
Grafana Breach Caused by Missed Token Rotation After TanStack Attack
Grafana says a data breach occurred when a single GitHub workflow token was missed during rotation after the TanStack npm supply-chain attack tied to the Shai-Hulud campaign, allowing attackers to access private repositories. The malicious TanStack package exfiltrated tokens after Grafana’s CI/CD pulled it, and although Grafana rotated many tokens, one token remained compromised. The intruder also downloaded some operational details, including business contact information, but Grafana asserts no customer production data or systems were affected and the codebase wasn’t modified. No action is needed by users unless new evidence changes the assessment, in which case Grafana will notify affected customers.