セキュリティニュースアラート: Jenkinsに複数の深刻な脆弱性 アップデートが難しい場合の暫定策は? Jenkins CIはコアおよびプラグインの脆弱性を公表した。アーカイブ展開時の任意ファイル書き込みやCLIの検証不備、APIキーの平文保存などが含まれる。RCEの恐れもあり、最新版への速やかな更新と認証設定の再確認が求められる。(2026/3/24) ...
Rubber Duck uses a second model from a different AI family to evaluate the primary agent’s plans, question assumptions, and ...
AI chatbots make it possible for people who can’t code to build apps, sites and tools. But it’s decidedly problematic.
The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
Wasm, PGlite, OPFS, and other new tech bring robust data storage to the browser, Electrobun brings Bun to desktop apps, ...
On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
IntroductionOn March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship ...
A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...
With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...
Active exploits, nation-state campaigns, fresh arrests, and critical CVEs — this week's cybersecurity recap has it all.
一部の結果でアクセス不可の可能性があるため、非表示になっています。
アクセス不可の結果を表示する