DevOps Pulse

GitHub patched a critical RCE vulnerability (CVE-2026-3854) discovered using AI-assisted reverse engineering, while AI-powered bots are systematically exploiting CI/CD pipelines to steal secrets across major repositories. Rubrik repositioned as an AI security company with 48% revenue growth to $350M, directly challenging Veeam's unified data+security approach. DevOps platforms suffered 9,255 hours of disruption with GitHub incidents surging 58%, highlighting reliability gaps as teams face crushing DORA/NIS2 compliance deadlines. The PM team should prioritize AI-specific security features and pipeline protection to counter emerging threats.

DevOps Platform Updates

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Hit by Critical RCE Vulnerability CVE-2026-3854

GitHub patched a high-severity remote code execution flaw (CVE-2026-3854) affecting crafted git push requests. The vulnerability could allow authenticated users to execute arbitrary code and potentially access other users' repositories on shared storage nodes. Discovered by Wiz researchers using AI-assisted reverse engineering techniques.

github · Mean CEO Blog · 4 May · NEW

NHS Forces GitHub Repositories Private Due to AI Security Concerns

The UK's NHS ordered all technology leaders to switch GitHub repositories from public to private by May 11 due to AI security risks from Anthropic's Mythos model. The guidance cites concerns about AI models capable of large-scale code ingestion and inference that could exploit public repositories.

github · The Register · 5 May · Recent

Microsoft Announces Agent 365 Runtime Protection for AI Security

Microsoft released Agent 365 Runtime Protection in public preview on April 30, alongside AI Security Posture Management in Defender for Cloud and enhanced GitHub Advanced Security. The updates include AI Data Security Investigations in Purview and new runtime protection layers for autonomous software agents.

azure-devops · Windows News · 1 May · Recent

GitLab Patches High-Severity WebSocket Vulnerability CVE-2026-5173

GitLab released security updates for versions 18.10.3, 18.9.5, and 18.8.9 addressing CVE-2026-5173, a CVSS 8.5 WebSocket vulnerability allowing authenticated attackers to bypass access controls. The patch also fixes 11 additional vulnerabilities, including denial-of-service issues in Terraform state lock and GraphQL APIs.

gitlab · The Cyber Express · 5 Apr

Azure DevOps Introduces CodeQL Default Setup Public Preview

Microsoft released CodeQL default setup in public preview for GitHub Advanced Security for Azure DevOps, enabling automatic code scanning without manual pipeline configuration. The update includes combined alerts view, security campaigns for coordinated remediation, and enhanced confidence filters for secret scanning.

azure-devops · Microsoft Learn · 30 Apr

Atlassian Introduces System Health Dashboard for Cloud Organizations

Atlassian made System Health generally available, providing organization admins a personalized dashboard showing app status, site-level incidents, and email alerts. The update also extends data export rules to block downloading files from Confluence and Jira attachments, and introduces Teamwork Collection signup in Administration.

confluence · Atlassian Documentation · 4 May · NEW

Bitbucket Cloud Legacy Code Search API Deprecation Announced

Atlassian announced deprecation of Bitbucket Cloud legacy code search API endpoints effective May 1, 2026, with full removal on November 1, 2026. Repository-level and workspace-level code search endpoints will be replaced with new APIs currently in development ahead of the removal deadline.

bitbucket · Atlassian Developer Changelog · 1 May · Recent

AI-Assisted Discovery Uncovers GitHub Security Vulnerabilities

Security researchers used AI tools to discover high-severity GitHub vulnerabilities in under 48 hours, highlighting the growing use of machine learning for reverse engineering closed-source binaries. The research demonstrates how AI models are shifting vulnerability discovery capabilities and threat landscapes.

github · Adversa AI · 4 May · NEW