DevOps Platform Updates
Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitHub Hit by Critical RCE Vulnerability CVE-2026-3854
GitHub patched a high-severity remote code execution flaw (CVE-2026-3854) affecting crafted git push requests. The vulnerability could allow authenticated users to execute arbitrary code and potentially access other users' repositories on shared storage nodes. It was discovered by Wiz researchers using AI-assisted reverse engineering techniques.
NHS Forces GitHub Repositories Private Due to AI Security Concerns
The UK's NHS ordered all technology leaders to switch GitHub repositories from public to private by May 11 due to AI security risks from Anthropic's Mythos model. The guidance cites concerns about AI models capable of large-scale code ingestion and inference that could exploit public repositories.
Microsoft Announces Agent 365 Runtime Protection for AI Security
Microsoft released Agent 365 Runtime Protection in public preview on April 30, alongside AI Security Posture Management in Defender for Cloud and enhanced GitHub Advanced Security. The updates include AI Data Security Investigations in Purview and new runtime protection layers for autonomous software agents.
GitLab Patches High-Severity WebSocket Vulnerability CVE-2026-5173
GitLab released security updates for versions 18.10.3, 18.9.5, and 18.8.9 addressing CVE-2026-5173, a CVSS 8.5 WebSocket vulnerability allowing authenticated attackers to bypass access controls. The patch also fixes 11 additional vulnerabilities, including denial-of-service issues in the Terraform state lock and GraphQL APIs.
Azure DevOps Introduces CodeQL Default Setup Public Preview
Microsoft released CodeQL default setup in public preview for GitHub Advanced Security for Azure DevOps, enabling automatic code scanning without manual pipeline configuration. The update includes a combined alerts view, security campaigns for coordinated remediation, and enhanced confidence filters for secret scanning.
Atlassian Introduces System Health Dashboard for Cloud Organizations
Atlassian made System Health generally available, giving organization admins a personalized dashboard showing app status, site-level incidents, and email alerts. The update also extends data export rules to block downloading files from Confluence and Jira attachments, and introduces Teamwork Collection signup in Administration.
Bitbucket Cloud Legacy Code Search API Deprecation Announced
Atlassian announced deprecation of Bitbucket Cloud legacy code search API endpoints effective May 1, 2026, with full removal on November 1, 2026. Repository-level and workspace-level code search endpoints will be replaced with new APIs currently in development ahead of the removal deadline.
AI-Assisted Discovery Uncovers GitHub Security Vulnerabilities
Security researchers used AI tools to discover high-severity GitHub vulnerabilities in under 48 hours, highlighting the growing use of machine learning for reverse engineering closed-source binaries. The research demonstrates how AI models are shifting vulnerability discovery capabilities and threat landscapes.