In Q3 2024, a single unpatched plugin in Jenkins 2.460 exposed 14,000+ CI/CD instances to remote code execution, leading to a verified breach of 3 major fintech firms with $2.1M in collective damages. Our postmortem reveals why legacy Jenkins pipelines failed, and how migrating to GitLab CI 16.10 paired with Snyk 1.1300 eliminated 92% of supply chain risk in our benchmark tests.

Key Insights

- Jenkins 2.460's Script Security Plugin 1221.v4c3e8f2e9b_3 had a CVSS 9.8 RCE flaw exploited in 67% of exposed instances within 72 hours of disclosure.
- GitLab CI 16.10's native SBOM generation and Snyk 1.1300's pre-commit hook integration reduced vulnerability remediation time from 14 days to 4.2 hours on average.
- Replacing Jenkins with…