DevOps Platform Updates
scanned 38d ago7Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitHub Hacked: 3,800 Internal Repos Compromised via Poisoned VS Code Extension
GitHub confirmed a major breach on May 20, 2026, where a malicious VS Code extension compromised 3,800 internal repositories. The incident highlights growing security risks around developer toolchain extensions and AI-powered development environments, with attackers increasingly targeting the broader ecosystem rather than core platforms directly.
GitLab 19.0 Launches AI-Powered Secrets Manager and Agentic Workflows
GitLab released version 19.0 on May 22, 2026, introducing expanded secrets management, agentic merge request workflows, and support for self-hosted AI models including Mistral Devstral 2 123B and GLM-5.1. The release addresses the 'AI Paradox' where code generation accelerated but security and governance lagged behind.
Critical Azure DevOps Information Disclosure Vulnerability Patched
Microsoft's May 2026 Patch Tuesday addressed CVE-2026-42826, a Critical information disclosure vulnerability in Azure DevOps with CVSS score 10.0. The vulnerability allows unauthenticated remote attackers to disclose sensitive information over a network, affecting both cloud and on-premises installations.
Atlassian Security Bulletin: 42 Vulnerabilities Fixed Across Products
Atlassian published its May 19, 2026 security bulletin covering 39 high-severity and 3 critical-severity third-party vulnerabilities fixed across Jira, Confluence, and Bitbucket Data Center. The bulletin includes fixes for multiple CVEs affecting core platform security and emphasizes the need for immediate patching.
GitHub Announces AI-Powered Code Security Expansion
GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detection beyond CodeQL static analysis. The hybrid model combines traditional semantic analysis with AI detections to cover Shell/Bash, Dockerfiles, Terraform, and PHP ecosystems, entering public preview in Q2 2026.
Major Atlassian Service Outage Impacts All Products
On May 14, 2026, Atlassian experienced a significant outage affecting Bitbucket, Jira, Confluence, and other products due to elevated error rates and degraded performance. The incident was resolved within hours but highlighted the interconnected nature of modern DevOps platform dependencies.
DevOps Threat Report 2026: AI Expands Attack Surface
GitProtect's 2026 DevOps Threats Report reveals that AI integration in DevOps platforms significantly expands attack surfaces, with 68 AI-related security incidents identified in 2025. The report emphasizes adopting Zero Trust approaches for AI assistants and highlights increased supply chain attacks targeting code repositories.