DevOps Pulse

GitHub confirmed a major security breach affecting 3

800 internal repositories via malicious VS Code extension, highlighting supply chain risks that now threaten backup infrastructure directly. Veeam launched the DataAI Command Platform combining AI security, governance, and precision rollbacks to counter the agentic AI risk explosion. DevOps incidents surged 21% in 2025 with 9,255 hours of downtime costing $740,000 in lost productivity while Azure DevOps patched CVE-2026-42826 with maximum CVSS 10.0 severity. The PM team must accelerate AI security integration as backup systems become primary ransomware targets, not just recovery tools.

Signals
29
Sections
5/5
Threats
7
Fresh
8
Updated
34d ago
Show

DevOps Platform Updates

scanned 34d ago7

Latest announcements and changes from GitHub, GitLab, Azure DevOps, Bitbucket, and Atlassian.

GitHub Confirms Major Security Breach - 3,800 Repos Compromised

GitHub confirmed unauthorized access to approximately 3,800 internal repositories via a malicious VS Code extension. The breach occurred through employee workstation compromise, linked to TeamPCP threat group. No customer data affected, but internal source code and tools were exfiltrated.

githubBleepingComputer·20 MayRecent

GitHub Actions Security Roadmap 2026 Announced

GitHub unveiled comprehensive security improvements for Actions including deterministic dependencies, policy controls, and fail-fast verification. The roadmap addresses supply chain attacks targeting CI/CD automation with secure-by-default configurations and enhanced observability.

githubGitHub Blog·30 Mar

Atlassian Security Bulletin - 42 Vulnerabilities Fixed

Atlassian published Security Bulletin for May 19, 2026, addressing 39 high-severity and 3 critical third-party vulnerabilities across Jira, Confluence, and other products. Updates include fixes for authentication bypass and cross-site scripting issues.

confluenceAtlassian Security·19 MayRecent

Azure DevOps Critical Vulnerability CVE-2026-42826 Patched

Microsoft addressed CVE-2026-42826, a critical information disclosure vulnerability in Azure DevOps with CVSS 10.0 score. The flaw allows unauthenticated attackers to access sensitive information over network connections.

azure-devopsCrowdStrike·14 May

CISA GitHub Leak Taken Down by Security Researchers

GitGuardian discovered and reported a 844 MB leak of CISA secrets in public GitHub repository 'Private-CISA'. The repository contained AWS tokens, certificates, and sensitive infrastructure data. CISA removed it within 26 hours of disclosure.

githubGitGuardian·14 May

GitHub NPM Supply Chain Security Updates Released

GitHub shipped npm supply-chain security improvements with staged publishing generally available and new install source controls. Updates include allow flags for file, remote, and directory installs to strengthen package security.

githubReleasebot·25 MayNEW

Bitbucket Data Center 10.2 LTS Release Available

Atlassian released Bitbucket Data Center 10.2 Long Term Support version with enhanced service accounts, OAuth 2.0 support for app links, and critical security updates. The LTS release provides 2-year support window for enterprise deployments.

bitbucketAtlassian Documentation·3 Mar