VoidZero's toolchain, anchored by Vite, has emerged as the shared substrate for the web ecosystem, capturing over 130 million weekly downloads. The Cloudflare Vite plugin has reached 13.9 million ...

Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue ...

Claude Code Dynamic Workflows, launched May 28, 2026, replaces context-window orchestration with a JavaScript script Claude writes on the fly for each task. Runs cap at 1,000 parallel subagents with ...

Sometime in late May 2026, a poisoned update slipped into the @antv family of JavaScript visualization libraries, the ...

GitHub CISO Alexis Wales confirmed Thursday that a poisoned build of the Nx Console Visual Studio Code extension — live on ...

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers exfiltrated code from around 3,800 of the company’s internal repositories. News of ...

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, this time targeting the widely-used AntV enterprise data visualization tool.

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

Supply chain security company Safety has discovered a trojan masquerading as Anthropic’s popular Claude Code AI software development assistant. Anthropic describes Claude Code is an agentic coding ...

Would you like a closer look at Claude? Someone at Anthropic has some explaining to do, as the official npm package for Claude Code shipped with a map file exposing what appears to be the popular AI ...

Cloudflare elevates its commitment to Astro as an open source framework to ensure Astro remains the fastest, most reliable framework to build content-driven websites Cloudflare, Inc. (NYSE: NET), the ...