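Security News Alert: Multiple serious vulnerabilities in Jenkins. What are the interim measures when updating is difficult? Jenkins CI has disclosed vulnerabilities in its core and plugins. They include arbitrary file writes during archive extraction, insufficient validation in the CLI, and plaintext storage of API keys. There is also a risk of RCE, so prompt updating to the latest version and a re-check of authentication settings are called for. (2026/3/24) ...
GitHub Copilot CLI, the GitHub-native development agent that runs in the terminal, has added "Rubber Duck" to its experimental features, a feature that can bring in other models as a second opinion.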
Microsoft has released version 1.0 of its open-source Agent Framework, positioning it as the production-ready evolution of the project introduced in October 2025 by combining Semantic Kernel ...
A Python package presented as a privacy-first shortcut to AI models has been unmasked as a supply-chain threat that quietly captures user prompts, leans on a private university service without ...
Anthropic is trying to remove details about its coding agent from GitHub, but programmers are converting the code into ...
Uploads bring prompts and responses, but not project files, attachments, or AI-generated images. The rollout skips the UK, ...
Threat actors pounced on the vulnerability within hours of its disclosure, demonstrating that organizations have little time ...
After hacking Trivy, TeamPCP moved to compromise repositories across NPM, Docker Hub, VS Code, and PyPI, stealing over 300GB ...
The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes ...
Supply chain attacks feel like they're becoming more and more common.