Cloudflare Inc. today said it has acquired VoidZero Inc., the open-source company behind Vite and the widely used JavaScript ...

Recently, npm, the essential package manager used by developers worldwide, suffered a massive supply chain attack. This ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

The Federal Trade Commission issued a consumer alert in June 2026 warning that a new breed of fake CAPTCHA pop-ups is tricking Windows users into running malicious commands on their own computers. The ...

Mastra npm packages added easy-day-js malware, exposing developer systems and CI runners to infostealer risks.

Cloudflare VoidZero acquisition gives a competing CDN governance of Vite, the open source JavaScript build tool with 130 million weekly downloads and default status in React Router, Nuxt, SvelteKit, ...

Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency ...

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

The relationship between President Donald Trump and Senate Republicans seems to be nearing a breaking point. Tensions flared ...

Authorities announced taking down 106 SocGholish botnet C&C servers and domains, and cleaning up 15,000 WordPress websites.