⚠️ Node.js 20 is officially End-of-Life. Staying on an unsupported version introduces significant security risks, but we know migration takes time. Join members of the Node.js Technical Steering Committee Matteo Collina and Marco Ippolito as we discuss how to navigate this transition safely. We’ll cover: ✅ The logic behind the new release cadence leading to Node 27. ✅ How the project is defending against the surge of AI-generated CVE reports. ✅ Support options for those unable to migrate off Node 20 immediately. Don’t leave your production environment to chance. Hear directly from the maintainers. 📅 May 27 | 11:00 AM EST 👉 Register for the live session:

🚨 node-ipc is compromised again. Three new malicious versions just dropped: 9.1.6, 9.2.3, and 12.0.1. Socket’s AI scanner flagged them as malware within three minutes of publication. The attack vector: a dormant maintainer account (atiertant) was likely taken over via an expired email domain. The attacker registered the lapsed domain, triggered an npm password reset, and gained publish rights to a package with millions of historical downloads. The payload is a credential stealer embedded in the CommonJS entrypoint (node-ipc.cjs). It activates on require(“node-ipc”), not through a postinstall script. Here’s what it does: •Fingerprints the host (OS, arch, hostname, uname) •Harvests 113-127 credential file patterns depending on platform (AWS, GCP, Azure, SSH keys, Kubernetes configs, npm tokens, .env files, shell histories, macOS Keychain databases, and more) •Dumps the entire process.env, capturing every CI secret and cloud credential in memory •Builds a gzip archive in a temp directory •Exfiltrates everything over DNS TXT queries to bt[.]node[.]js, using a bootstrap resolver at sh[.]azurestaticprovider[.]net:443 (a deliberate lookalike of Microsoft’s Azure Static Web Apps domain) The DNS exfiltration is chunked. A 500 KB archive generates roughly 29,400 TXT queries. The body is XOR-encrypted with a SHA-256 keystream, base64-encoded, alphabet-substituted, and split into 31-character chunks before hex-encoding into DNS labels. Header, data, and footer queries use xh, xd, and xf prefixes respectively. The malware forks a detached child process (env var __ntw=1) so credential theft runs silently in the background. It also exposes a __ntRun export, meaning any downstream code that calls require(“node-ipc”).__ntRun() can trigger a second collection/exfiltration cycle. ESM-only consumers using the import path are not affected by the reviewed package metadata. CommonJS consumers are. This is the same package involved in the 2022 protestware incident. It has a history. If you use node-ipc: •Do not install 9.1.6, 9.2.3, or 12.0.1 •Audit your lockfiles for these versions •If you loaded the CommonJS entrypoint, treat all environment variables, SSH keys, cloud credentials, npm tokens, and local secrets as compromised. Rotate immediately. •Hunt for DNS TXT queries to bt[.]node[.]js and sh[.]azurestaticprovider[.]net in your network logs •Check for temp files matching /nt-/.tar.gz Credit to Ian Ahl (@TekDefense) for first publicly identifying the expired-domain account takeover vector. Developing story. Full technical breakdown and IOCs on the Socket blog:

🎉PEAK NODE Official Sale Launch + Community Giveaway! To celebrate the official sale launch of PEAK NODE (10,000 exclusive nodes) and thank our early supporters, we’re hosting a special Double Prize Giveaway! Prize Pools: 🔥100 random winners → 50 USDT each 🔥Lucky Tail Number: Wallets whose suffix contains the secret code (to be announced) → 100 $PEAK each How to Enter (3 simple steps): 1. Follow @PEAK_solana 2. Like + Repost this post 3. Reply below with your Solana wallet address Key Dates: · PEAK NODE Launch + Giveaway starts: March 20, 2026 at 04:18 UTC (12:18 UTC+8) · Twitter Space: March 24, 2026 at 20:00 · Winners announced: April 1, 2026 · Rewards distributed within 7 days after announcement Node Reward Info: All node holders will collectively share 1 billion $PEAK. In the first year, 986,310 $PEAK will be evenly distributed daily among all sold nodes. Important: The earlier you secure your PEAK NODE, the more $PEAK you’ll receive every day. Early holders get the biggest share! Transparent, fair, and only Solana addresses. We will never ask for seed phrases or private keys. RT & quote this post to help spread the word! 🔥 Big thanks to all KOLs and builders supporting PEAK! #PEAK# #NODE# #Giveaway# #Solana#

RGB Lightning Node v0.0.3 is now live. Public repo: This release focuses on wallet security and client lifecycle management — laying the groundwork for a production-ready self-custodial experience. Key updates: — Wallet Security: Password-protected wallet creation and import. Mnemonic backup now available in Settings with password verification. — Client Lock: Lock the control panel when stepping away. Password required to resume. — Exit Flow: Clean exit confirmation with proper session teardown. The RGB Lightning Node is becoming a complete desktop environment for managing tokenized assets over Bitcoin's Lightning Network — not just a dev tool, but a product. Make Bitcoin Smart.