Cloudflare is redefining AI-era software development by integrating the world's most widely adopted modern web tooling ...

Google is reportedly offering to pay select Android developers for source-code access. Here’s what Play Store developers ...

VoidZero's toolchain, anchored by Vite, has emerged as the shared substrate for the web ecosystem, capturing over 130 million weekly downloads. The Cloudflare Vite plugin has reached 13.9 million ...

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The ...

Computational chemists at the University of Amsterdam's Van 't Hoff Institute for Molecular Sciences have developed a ...

Days after IBM and Red Hat announced a master security plan for open-source software, Red Hat suffers a major breach of its ...

Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard ...

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

The OWASP-backed tool scans JavaScript and TypeScript lockfiles locally, aiming to help developers catch and remediate dependency risks before CI failures.

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Bumblebee from Perplexity scans developer machines for compromised packages and AI tool configs, without triggering malware.