Company & Industry Updates
Announcements, technology updates, and industry news from Private DevOps LTD.
AI Agents Broke GitHub and Gave Elon Musk a Shot at Owning the Code You Write
AI agents now write a large and growing share of all code, and the strain has broken GitHub's pricing and infrastructure. That cracked open the Git layer, Cursor built its own forge, and then SpaceX bought Cursor and tied it to Grok plus its energy and compute. Here is the calm map of what it means for your team.
Cursor Origin Is a Git Forge for AI Agents Worth Watching
On June 16, 2026, Cursor announced Origin, a Git-compatible forge built for AI agents committing in parallel, not human-paced workflows. It is waitlist-only with general availability in fall 2026, and Cursor's parent was acquired by SpaceX the same day. Here is the calm take on whether your team should care yet.
If You Use Gravity SMTP On WordPress Rotate Your Email API Keys Now
CVE-2026-4020 in the Gravity SMTP WordPress plugin (about 100,000 installs) lets an unauthenticated attacker pull your email provider API keys straight off the site, and bots are mass-exploiting it. It is rated CVSS 7.5 (High). Here is what leaks, why it deserves immediate attention, and the patch-and-rotate steps.
Two Critical NGINX Bugs Dropped This Week And Who Is Actually At Risk
F5 shipped out-of-band patches on June 17, 2026 for two critical NGINX flaws, CVE-2026-42530 and CVE-2026-42055, both CVSS 9.2 and both unauthenticated. The headline is scary, but the exploitable surface is narrow. Here is which versions and configs are at risk, why it is a denial of service for most rather than code execution, and what to do.
GitHub's July 15 OIDC Change Will Not Break Your Existing AWS Deploys
GitHub is rolling out immutable OIDC subject claims on July 15, 2026, and plenty of posts warn it will break your GitHub Actions to AWS deploys. For existing repositories left alone, it will not. Here is what actually changes, the three things that do flip you to the new format, and how to future-proof your IAM trust policy now.
Hetzner More Than Doubled Some Cloud Prices Today And What To Do About It
On June 15, 2026, Hetzner repriced its cloud servers, and the dedicated and AMD shared vCPU lines (CCX, CPX) jumped 113 to 175 percent while the ARM and Intel-shared lines rose about 30 percent. Existing instances are protected, but a rescale reprices you. Here is exactly what changed and what to do.
You Can Now Run 200B AI Models On A Desktop Without The Cloud
AMD's Ryzen AI Max+ 395 puts up to 128GB of unified memory in a small desktop, enough to run a 235-billion-parameter model with no cloud. Here is what is real, what is overstated, and when it actually fits your stack.
An Ansible Privilege Escalation Bug And Who Actually Needs To Worry
CVE-2026-11837, published June 10, 2026, is a local privilege escalation flaw in the Ansible ansible.posix authorized_key module. It is not remote, so the real exposure is narrow. Here is exactly who is at risk and what to do now.
npm v12 Will Stop Running Install Scripts By Default So Prepare Your CI
GitHub announced on June 9, 2026 that npm v12, due around July, will stop running preinstall, install, postinstall and prepare scripts by default. It closes the biggest supply-chain hole and it will break some CI builds. Here is how to get ready.
What The New Spectra RCE Means For Multi Author WordPress Sites
Wordfence disclosed CVE-2026-7465 on May 30, 2026, a remote code execution flaw in the Spectra Gutenberg Blocks plugin (versions up to 2.19.25, fixed in 2.19.26). It needs only Contributor access, so the real exposure is sites with open registration or many low-trust authors. Who is at risk and how to close it.
What Claude Opus 4.8 Changes For DevOps Teams
Anthropic shipped Claude Opus 4.8 on May 28, 2026, with a fourfold reduction in silent code flaws, Dynamic Workflows for parallel subagent orchestration, Effort Control for cost dialing, and pricing parity with 4.7. What it changes for DevOps teams running Claude in CI and dev tooling.
How npm's New Staged Publishing Closes the Stolen CI Token Window
npm shipped staged publishing in CLI v11.15.0 on May 22, 2026. Adopted publishes now require a human 2FA approval that no OIDC token, automation token, or stolen CI credential can satisfy. Here is how it works and the CI changes it requires.
How a TanStack npm Compromise Got Grafana's GitHub Codebase Stolen
Grafana Labs confirmed that attackers downloaded source code from its GitHub environment after a TanStack npm package compromise leaked one developer's GitHub workflow token. One token missed in the rotation, in one of the better-instrumented companies on the internet.
TeamPCP Breaches GitHub via Poisoned Nx Console Extension
TeamPCP exfiltrated about 3,800 GitHub-internal repositories after a poisoned Nx Console VS Code extension reached a GitHub employee. The full supply-chain chain, and what to do.
Railway 8-Hour Outage: GCP Auto-Suspended Their Account
Google Cloud auto-suspended Railway's production account on May 19, 2026, taking the platform offline for 8 hours. The cross-cloud dependency lesson, in detail.
Mini Shai-Hulud Worm Hits Microsoft's durabletask PyPI
TeamPCP's Mini Shai-Hulud worm backdoored durabletask v1.4.1-1.4.3 on PyPI, stealing AWS, GitHub and Vault secrets and spreading via SSM and kubectl exec.
ssh-keysign-pwn (CVE-2026-46333): Kernel Secret Leak
CVE-2026-46333 (ssh-keysign-pwn) lets any local Linux user read SSH host keys and /etc/shadow via a kernel ptrace exit race. Who is exposed and how to fix it.
Apple's M5 Memory Integrity Enforcement Bypassed in Five Days with AI Help
Researchers built the first public macOS kernel exploit on Apple M5 silicon, defeating Memory Integrity Enforcement in five days with Claude Mythos. The real story is the velocity.
Google GTIG Confirms the First AI-Developed Zero-Day Used in the Wild
On May 11, 2026, Google's Threat Intelligence Group published the first confirmed evidence of a criminal group using AI to build a working zero-day. Here is what it means for your threat model.
NGINX Rift (CVE-2026-42945) - An 18-Year-Old RCE in the World's Most Deployed Web Server
NGINX Rift (CVE-2026-42945) is a CVSS 9.2 heap overflow in the nginx rewrite module. A single unauthenticated request can reach RCE. PoC is public. Here is who is exposed and how to patch.
Fragnesia (CVE-2026-46300) - The Linux Kernel LPE That the Dirty Frag Patch Created
Fragnesia is a new Linux kernel local privilege escalation introduced by the Dirty Frag patch itself. Public PoC is out. Ubuntu still unpatched. Here is the mitigation playbook.
May 2026 Linux and cPanel CVE Storm: What to Patch Now
Three high-severity Linux kernel CVEs and a critical cPanel authentication bypass are being actively exploited in May 2026. Here is what to patch and how.
What To Patch First In Adobe's APSB26-49 Magento Update
Adobe's APSB26-49 covers every maintained Magento branch from 2.4.4 to 2.4.9-beta1 with RCE, auth bypass, and privilege escalation fixes. Headline CVSS 8.7. The patch order, the rollout sequence, and what to monitor for two weeks after.
Dirty Frag (CVE-2026-43500) - Linux Kernel RxRPC Root Escalation, Public Exploit Out
Dirty Frag (CVE-2026-43500) is a high-severity Linux kernel local privilege escalation in the RxRPC subsystem. Public exploit is already out - the disclosure embargo broke. Patch and mitigation playbook below.
Copy Fail (CVE-2026-31431) - Patch Every Linux Server You Run
Copy Fail (CVE-2026-31431) is a Linux kernel local privilege escalation that turns any local account into root in seconds. Every major distribution is affected. This is the patch and mitigation playbook.
Major Vercel Breach Disclosed - Rotate Every Token Now
A high-impact supply chain breach hit Vercel customers in April 2026. Plaintext environment variables - API keys, database credentials, signing keys - were exposed. This is the rotation playbook.
WordPress 6.9.2 Security Release Is Now Available
WordPress 6.9.2 shipped as a March 2026 security release, making it a safer reference point than older 6.8-focused update coverage.
Kubernetes 1.35.2 Becomes the Latest Supported Patch
Kubernetes 1.35 remained in active support as 1.35.2 shipped in late February 2026, giving platform teams a clearer current upgrade target.
Docker Desktop 4.36 Introduces Resource Saver Mode
Docker Desktop 4.36 adds resource saver mode that reduces CPU and memory usage by up to 80% when containers are idle. Key update for developers.
Amazon OpenSearch Service Expands Graviton4 Support
AWS expanded Amazon OpenSearch Service support for Graviton4-based c8g, m8g, r8g, and r8gd instances in more regions during February 2026.