Cloudbase Sensor、Java・Pythonに対応

Cloudbase株式会社(本社:東京都港区、代表取締役CEO:岩佐晃也)は、同社が提供する国産CNAPP(CSPM、SBOM、脆弱性管理)「Cloudbase」において、Cloudbase Sensorの機能を拡張し、新たにJavaおよびPythonパッケージのスキャン機能を追加したことをお知らせします。 これにより、従来のNode.jsに加え、JavaやPythonといった主要言語への対応を実 ...
The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...
XDA Developers on MSN

A popular Python library just became a backdoor to your entire machine

Supply chain attacks feel like they're becoming more and more common.
VentureBeat

OpenAI upgrades its Responses API to support agent skills and a complete terminal shell

Credit: VentureBeat made with GPT-Image-1.5 on fal.ai Until recently, the practice of building AI agents has been a bit like training a long-distance runner with a thirty-second memory. Yes, you could ...