セキュリティニュースアラート： Jenkinsに複数の深刻な脆弱性　アップデートが難しい場合の暫定策は？ Jenkins CIはコアおよびプラグインの脆弱性を公表した。アーカイブ展開時の任意ファイル書き込みやCLIの検証不備、APIキーの平文保存などが含まれる。RCEの恐れもあり、最新版への速やかな更新と認証設定の再確認が求められる。（2026/3/24） ...

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

A critical supply chain attack has compromised the popular JavaScript library axios, leading to developers unknowingly ...

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...