Recently I covered three open source supply chain attacks: Trivy, Axios, and the Linux Foundation. I said the pattern was worth watching.
In the last 48 hours, three separate attacks hit three different ecosystems simultaneously: npm, PyPI, and Docker Hub. At the same time, a major breach at one of the most widely used developer platforms in the world is still actively unfolding. The techniques connecting all of it trace directly back to the attacks I covered last time.
This video covers what's happening right now, what it means for your homelab and developer environment, and what you should do about it today.
🔗 Watch the previous video:
https://youtu.be/S75WeLCOhZI
🔗 LINKS & SOURCES
DB Tech: They Didn't Hack the Code, They Hacked the Person:
https://youtu.be/S75WeLCOhZI
Socket.dev: Namastex npm packages compromised (CanisterWorm technical analysis):
https://socket.dev/blog/namastex-npm-packages-compromised-canisterworm
StepSecurity: CanisterSprawl pgserve compromise:
https://www.stepsecurity.io/blog/pgserve-compromised-on-npm-malicious-versions-harvest-credentials
The Hacker News: CanisterSprawl supply chain worm:
https://thehackernews.com/2026/04/self-propagating-supply-chain-worm.html
Vercel: April 2026 security incident bulletin:
https://vercel.com/kb/bulletin/vercel-april-2026-security-incident
TechCrunch: Vercel breach:
https://techcrunch.com/2026/04/20/app-host-vercel-confirms-security-incident-says-customer-data-was-stolen-via-breach-at-context-ai/
Vercel CEO investigation update:
https://www.panewslab.com/en/articles/019db86d-a5da-758c-b74d-b812eec62925
GitGuardian: three supply chain campaigns in 48 hours:
https://blog.gitguardian.com/three-supply-chain-campaigns-hit-npm-pypi-and-docker-hub-in-48-hours/
The Register: npm supply chain worm:
https://www.theregister.com/2026/04/22/another_npm_supply_chain_attack/
Mend.io: CanisterWorm technical breakdown:
https://www.mend.io/blog/canisterworm-the-self-spreading-npm-attack-that-uses-a-decentralized-server-to-stay-alive/
Help Net Security: Vercel breach:
https://www.helpnetsecurity.com/2026/04/20/vercel-breached/
Varonis: Vercel breach steps to take:
https://www.varonis.com/blog/vercel-breach-2026
Trend Micro: Vercel breach OAuth supply chain:
https://www.trendmicro.com/en_us/research/26/d/vercel-breach-oauth-supply-chain.html
🔒 SOCKET'S CANISTERSPRAWL TRACKING PAGE (for current affected package list):
https://socket.dev/supply-chain-attacks/canistersprawl
#selfhosted #homelab #opensource #cybersecurity #supplychain #npm #vercel #docker #proxmox #netsec
Subtitles by WinWhisper
/=========================================/
✅ Amazon Wishlist:
https://dbte.ch/amznwishlist
Get early, ad-free access to new content by becoming a channel member, or a Patron!
✅
https://www.patreon.com/dbtech
✅
https://www.youtube.com/channel/UCVy16RS5eEDh8anP8j94G2A/join
All My Social Links:
✅
https://dbt3.ch/@dbtech
Join Discord!
✅
https://discord.gg/M9J6hFq
/=========================================/
✨Ways to support DB Tech:
✅
https://www.patreon.com/dbtech
✅
https://www.paypal.me/DBTechReviews
✅
https://ko-fi.com/dbtech
✅ Cashapp:
https://cash.app/$dbtechyt
✅ Venmo:
https://venmo.com/dbtechyt
✨Come chat in Discord:
✅
https://dbte.ch/discord