Cloudflare Inc. today said it has acquired VoidZero Inc., the open-source company behind Vite and the widely used JavaScript ...

Multiple npm supply chain attacks used 50+ poisoned packages to spread IronWorm, a Rust-based stealer, and a Miasma worm ...

VoidZero's toolchain, anchored by Vite, has emerged as the shared substrate for the web ecosystem, capturing over 130 million weekly downloads. The Cloudflare Vite plugin has reached 13.9 million ...

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...

Acquisition brings Vite, the world’s leading JavaScript build tool, and its core open source team to Cloudflare Cloudflare commits $1 million to an independent Vite ecosystem fund to support open sour ...

A malware named IronWorm spread through 36 npm packages in the Arweave ecosystem, stealing developer credentials and self ...

The best engineers I know are shipping more code than ever and writing less of it by hand,' said Cloudflare CEO Matthew ...

The four C&C channels used by GlassWorm, the botnet targeting open source software developers, have been disrupted.

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

Claude Code Dynamic Workflows, launched May 28, 2026, replaces context-window orchestration with a JavaScript script Claude writes on the fly for each task. Runs cap at 1,000 parallel subagents with ...

A coordinated malware campaign known as TrapDoor has hit software ecosystems widely used by crypto and blockchain developers.