DevOps Pulse

GitHub's critical CVE-2026-3854 RCE vulnerability remains exploitable via git push while an AI agent autonomously deleted a production database and backups in 9 seconds at PocketOS. GitProtect launched GitHub Enterprise Cloud Data Residency support, claiming first-to-market advantage in regulated DevOps backup. DevOps threats jumped 21% year-over-year with $740K in lost productivity, as NIS2 and DORA enforcement forces EU organizations to scramble for compliance-ready backup infrastructure.

Signals: 27 · Sections: 5/5 · Threats: 5 · Fresh: 12 · Updated: 58d ago

DevOps Platform Updates

scanned 58d ago · 6

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

Microsoft Agent 365 Runtime Protection for AI Agents

Microsoft released Agent 365 Runtime Protection on April 30, 2026, providing security controls for AI agents across the ecosystem. The announcement includes GitHub Advanced Security AI-code scanning enhancements and Microsoft Purview AI Data Security Investigations to address threats from autonomous software agents. This responds to growing enterprise adoption of AI agents and upcoming EU AI Act requirements.

github · Windows News · 1 May · Recent

GitHub Enterprise Server Critical RCE Vulnerability

CVE-2026-3854, a critical vulnerability discovered using AI-assisted reverse engineering, allows authenticated users to execute arbitrary commands on GitHub's backend servers via git push injection. This high-severity flaw (CVSS 8.7) affects GitHub Enterprise Server and has been patched, marking one of the first critical vulnerabilities found in closed-source binaries using AI tooling.

github · Wiz Blog · 21 Apr

GitHub AI-Powered Security Detections Launch

GitHub introduced AI-powered security detections in GitHub Code Security to expand vulnerability coverage across more languages and frameworks including Shell/Bash, Dockerfiles, Terraform, and PHP. The feature complements CodeQL static analysis and shows 80% positive developer feedback in internal testing. Public preview planned for early Q2 2026.

github · GitHub Blog · 23 Mar

GitLab Security Update Fixes High-Severity Websocket Vulnerability

GitLab released emergency security patches for versions 18.10.3, 18.9.5, and 18.8.9 addressing CVE-2026-5173, a high-severity websocket vulnerability (CVSS 8.5) that allows authenticated attackers to bypass access controls. The update also patches 11 additional vulnerabilities, including DoS issues in Terraform and GraphQL APIs.

gitlab · The Cyber Express · 10 Apr

Bitbucket OAuth Authentication Breaking Changes

Atlassian enforces OAuth and token-authentication changes for Bitbucket Cloud on May 4, 2026. Client credentials grants will no longer issue refresh tokens, and personal workspace OAuth consumers will be restricted to owning workspace data only. These changes align with OAuth standards and improve security but may break existing integrations.

bitbucket · Bitbucket Cloud Changelog · 5 Mar

Azure DevOps Bitbucket Integration Broken by API Deprecation

Azure DevOps users report widespread failures connecting to Bitbucket Cloud due to Microsoft's continued reliance on deprecated Atlassian 'hooks & services' APIs. Users facing service disruption are being forced to migrate away from Azure DevOps or implement manual workarounds. Microsoft has not provided an ETA for updating to newer Bitbucket APIs.

azure-devops · Microsoft Q&A · 8 Apr