DevOps Platform Updates
Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.
GitHub Confirms Major Security Breach - 3,800 Repos Compromised
GitHub confirmed unauthorized access to approximately 3,800 internal repositories via a malicious VS Code extension. The breach occurred through the compromise of an employee workstation and is linked to the TeamPCP threat group. No customer data was affected, but internal source code and tools were exfiltrated.
GitHub Actions Security Roadmap 2026 Announced
GitHub unveiled comprehensive security improvements for Actions including deterministic dependencies, policy controls, and fail-fast verification. The roadmap addresses supply chain attacks targeting CI/CD automation with secure-by-default configurations and enhanced observability.
Atlassian Security Bulletin - 42 Vulnerabilities Fixed
Atlassian published its Security Bulletin for May 19, 2026, addressing 39 high-severity and 3 critical third-party vulnerabilities across Jira, Confluence, and other products. Updates include fixes for authentication bypass and cross-site scripting issues.
Azure DevOps Critical Vulnerability CVE-2026-42826 Patched
Microsoft addressed CVE-2026-42826, a critical information disclosure vulnerability in Azure DevOps with a CVSS score of 10.0. The flaw allows unauthenticated attackers to access sensitive information over network connections.
CISA GitHub Leak Taken Down by Security Researchers
GitGuardian discovered and reported an 844 MB leak of CISA secrets in the public GitHub repository 'Private-CISA'. The repository contained AWS tokens, certificates, and sensitive infrastructure data. CISA removed it within 26 hours of disclosure.
GitHub NPM Supply Chain Security Updates Released
GitHub shipped npm supply-chain security improvements, with staged publishing now generally available and new install source controls. Updates include allow flags for file, remote, and directory installs to strengthen package security.
Bitbucket Data Center 10.2 LTS Release Available
Atlassian released the Bitbucket Data Center 10.2 Long Term Support version with enhanced service accounts, OAuth 2.0 support for app links, and critical security updates. The LTS release provides a 2-year support window for enterprise deployments.