DevOps Pulse

GitHub's critical RCE vulnerability (CVE-2026-3854) and Microsoft's Agent 365 Runtime Protection highlight AI security convergence as 88% of Enterprise Server instances remain unpatched. Cohesity targets $17B IPO valuation while GitProtect launches GitHub Enterprise Cloud data residency support, directly competing in Veeam's DevOps backup market. AI agents now exploit credentials 6 times faster than traditional attacks, with 92% of AI-generated code containing critical vulnerabilities, forcing enterprises to rethink backup strategies for autonomous development workflows.

Signals: 35 · Sections: 5/5 · Threats: 9 · Fresh: 16 · Updated: 60d ago

DevOps Platform Updates

scanned 61d ago · 8 items

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Critical RCE Vulnerability CVE-2026-3854

A critical vulnerability in GitHub.com and Enterprise Server allows remote code execution via git push commands. It affects millions of repositories and has been patched, but 88% of Enterprise Server instances remain unpatched. This vulnerability demonstrates the security risks of AI-augmented reverse engineering tools.

github · Wiz Blog · 29 Apr · Recent

Microsoft Agent 365 Runtime Protection for AI

Microsoft announced Agent 365 Runtime Protection for AI agents, enhanced GitHub Advanced Security with AI-code scanning, and Purview AI Data Security Investigations. These tools address threats from autonomous software agents and support AI regulation compliance ahead of EU AI Act requirements.

github · Windows News · 30 Apr · NEW

GitLab 18.11 Agentic SAST Vulnerability Resolution GA

GitLab released version 18.11 with autonomous SAST vulnerability resolution generally available, two new foundational agents for CI and analytics, and budget guardrails for GitLab Duo Agent Platform. The features aim to reduce security bottlenecks through AI-powered remediation.

gitlab · GitLab Releases · 16 Apr · Recent

GitLab Security Update Fixes High-Severity CVE-2026-5173

GitLab patched CVE-2026-5173, a CVSS 8.5 WebSocket vulnerability allowing authenticated attackers to bypass access controls and invoke unintended server-side methods. The update also resolved 12 additional vulnerabilities ranging from high to low severity across versions 18.10.3, 18.9.5, and 18.8.9.

gitlab · The Cyber Express · 8 Apr

Azure DevOps Sprint 268 GitHub Copilot Integration GA

Azure DevOps Sprint 268 made GitHub Copilot integration generally available, enabling code generation directly from Azure Boards work items. It also introduced the Advanced Security Alert Metadata API and CodeQL Node.js v24 alignment, and deprecated the Autobuild task in favor of buildless scanning.

azure-devops · Microsoft Learn · 27 Jan

Azure DevOps Personal Access Token Security Fix

Microsoft closed a security gap that allowed expired Personal Access Tokens to be modified or extended beyond expiration. The change enforces true token lifetimes, reduces credential leak risks, and helps meet compliance expectations by preventing tokens from persisting beyond their intended lifetime.

azure-devops · Microsoft Learn · 31 Mar

Atlassian Security Bulletin 31 High & 7 Critical Vulnerabilities

Atlassian's April 21 security bulletin addressed 31 high-severity and 7 critical third-party vulnerabilities across Jira, Confluence, and other Data Center products. Updates include fixes for session hijacking, storybook token access, and virtual registry credential issues.

jira · Atlassian Security · 21 Apr · Recent

Bitbucket OAuth Authentication Changes May 4th

Bitbucket enforced OAuth and token authentication security changes to align with standards and improve performance. Client credentials grants no longer issue refresh tokens, and personal workspace OAuth consumers are restricted to workspace data access only.

bitbucket · Atlassian Developer · 12 Apr