Skip to main content
News

Company & Industry Updates

Announcements, technology updates, and industry news from Private DevOps LTD.

48 news items7 topics

Showing 1-30 of 48 news items

Page 1 of 2

SecurityJul 13, 2026

A 16-Year-Old KVM Bug Called Januscape Lets a Guest VM Break Out to the Host on Intel and AMD

Januscape (CVE-2026-53359) is a 16-year-old use-after-free in the Linux KVM shadow MMU on both Intel and AMD, rated a guest-to-host escape by Canonical. The public proof of concept crashes the host from inside a guest, while full host takeover is claimed but not published. Upstream fixed it on July 4, but distro kernels are still pending. Here is who is exposed, the nested-virtualization mitigation, and what to do now.

Read more about A 16-Year-Old KVM Bug Called Januscape Lets a Guest VM Break Out to the Host on Intel and AMD
MagentoJul 10, 2026

Magento Open Source 2.4.6 Goes End of Life on August 11 and There Is No Extended Support to Save You

Magento Open Source 2.4.6 reaches end of support on August 11, 2026. After that there are no more security patches, and unlike Adobe Commerce, the Open Source code base is not eligible for paid extended support, so there is no soft landing. Here is what that means, where to upgrade (2.4.8 or 2.4.9, not 2.4.7), the PHP jump that comes with it, and how to plan the move before the deadline.

Read more about Magento Open Source 2.4.6 Goes End of Life on August 11 and There Is No Extended Support to Save You
SecurityJul 8, 2026

A 15-Year-Old Linux Kernel Bug Called GhostLock Gives Any Local User Root and Escapes Containers

GhostLock (CVE-2026-43499) is a 15-year-old use-after-free in the Linux kernel rtmutex code that lets any logged-in user become root, and in the researchers' testing escape containers. It was quietly patched upstream in May, but Nebula Security has now published a working exploit, which changes the risk for anyone running shared or multi-tenant Linux. Here is who is actually exposed and what to do.

Read more about A 15-Year-Old Linux Kernel Bug Called GhostLock Gives Any Local User Root and Escapes Containers
SecurityJul 2, 2026

The New libssh2 SSH Flaw Is Client-Side, Not Your sshd, and apt upgrade Will Not Fix the Copies That Matter

CVE-2026-55200 is an out-of-bounds write in the libssh2 client library that a malicious or compromised SSH server can use to corrupt a connecting client's memory, and a public proof-of-concept is already out. The corrections that matter: it is client-side and not an OpenSSH or sshd bug, the severity rating is disputed across scorers, and the real cleanup is finding the statically linked and vendored copies a distribution update never touches.

Read more about The New libssh2 SSH Flaw Is Client-Side, Not Your sshd, and apt upgrade Will Not Fix the Copies That Matter
Server & DevOpsJun 25, 2026

OpenAI Is Deleting GPT-5 and o3 in December and the Teams That Pinned Their Models Break First

OpenAI notified developers on June 11, 2026 that six GPT-5 and o3 model snapshots leave the first-party API on December 11, 2026. Teams that pinned an exact dated snapshot ID, OpenAI's own recommended production practice, break loudly on that date, while floating aliases keep working but silently change behavior.

Read more about OpenAI Is Deleting GPT-5 and o3 in December and the Teams That Pinned Their Models Break First
Server & DevOpsJun 24, 2026

AI Agents Broke GitHub and Gave Elon Musk a Shot at Owning the Code You Write

AI agents now write a large and growing share of all code, and the strain has broken GitHub's pricing and infrastructure. That cracked open the Git layer, Cursor built its own forge, and then SpaceX bought Cursor and tied it to Grok plus its energy and compute. Here is the calm map of what it means for your team.

Read more about AI Agents Broke GitHub and Gave Elon Musk a Shot at Owning the Code You Write
Server & DevOpsJun 23, 2026

Helm 3 Is Going End of Life and Helm 4 Will Quietly Break the Flags Your Pipeline Depends On

Helm 4 went GA on November 12, 2025 at KubeCon North America, and the Helm project has set firm Helm 3 end-of-life dates: the final limited release lands September 9, 2026, and security patches run only through February 2027. The catch is that Helm 4 changes the command-line surface your CI/CD depends on, with two genuinely breaking changes plus a set of flag renames, so the migration touches automation, not just interactive use.

Read more about Helm 3 Is Going End of Life and Helm 4 Will Quietly Break the Flags Your Pipeline Depends On
Server & DevOpsJun 22, 2026

Cursor Origin Is a Git Forge for AI Agents Worth Watching

On June 16, 2026, Cursor announced Origin, a Git-compatible forge built for AI agents committing in parallel, not human-paced workflows. It is waitlist-only with general availability in fall 2026, and Cursor's parent was acquired by SpaceX the same day. Here is the calm take on whether your team should care yet.

Read more about Cursor Origin Is a Git Forge for AI Agents Worth Watching
SecurityJun 21, 2026

If You Use Gravity SMTP On WordPress Rotate Your Email API Keys Now

CVE-2026-4020 in the Gravity SMTP WordPress plugin (about 100,000 installs) lets an unauthenticated attacker pull your email provider API keys straight off the site, and bots are mass-exploiting it. It is rated CVSS 7.5 (High). Here is what leaks, why it deserves immediate attention, and the patch-and-rotate steps.

Read more about If You Use Gravity SMTP On WordPress Rotate Your Email API Keys Now
Server & DevOpsJun 20, 2026

GitHub Will Stop Running Your Jobs When Your Self-Hosted Runners Fall Behind

GitHub is enforcing a minimum self-hosted runner version (2.329.0) plus a rule that runners must take updates within 30 days of release, or they stop running jobs. Full enforcement lands 2026-07-31 for Enterprise Cloud with Data Residency and 2026-09-25 for Enterprise Cloud. GitHub-hosted runners are unaffected.

Read more about GitHub Will Stop Running Your Jobs When Your Self-Hosted Runners Fall Behind
Server & DevOpsJun 19, 2026

Kubernetes 1.35 Is the Last Version That Runs containerd 1.x and Most Clusters Have Not Noticed

Kubernetes 1.35, released December 17, 2025, is the last minor release whose runtime support still includes a containerd 1.x version. To upgrade beyond it, every node has to move to containerd 2.x first, and containerd 1.7 itself reaches end of support in September 2026. The trap is not a single date: it is the upgrade path, and most clusters have not noticed because nothing is broken yet.

Read more about Kubernetes 1.35 Is the Last Version That Runs containerd 1.x and Most Clusters Have Not Noticed
SecurityJun 19, 2026

Two Critical NGINX Bugs Dropped This Week And Who Is Actually At Risk

F5 shipped out-of-band patches on June 17, 2026 for two critical NGINX flaws, CVE-2026-42530 and CVE-2026-42055, both CVSS 9.2 and both unauthenticated. The headline is scary, but the exploitable surface is narrow. Here is which versions and configs are at risk, why it is a denial of service for most rather than code execution, and what to do.

Read more about Two Critical NGINX Bugs Dropped This Week And Who Is Actually At Risk
CloudJun 18, 2026

Azure Returns 410 Gone for GPT-4o on October 1 and Auto-Upgrade Skips the Deployments That Matter

On October 1, 2026, Azure OpenAI in Microsoft Foundry retires the GA gpt-4o (2024-11-20) and gpt-4o-mini (2024-07-18) versions, after which calls to a retired deployment return HTTP 410 Gone. Standard-family deployments are auto-upgraded region by region, but Provisioned (PTU) deployments and anything set to NoAutoUpgrade are not, and Microsoft says the date is not extendable.

Read more about Azure Returns 410 Gone for GPT-4o on October 1 and Auto-Upgrade Skips the Deployments That Matter
SecurityJun 18, 2026

GitHub's July 15 OIDC Change Will Not Break Your Existing AWS Deploys

GitHub is rolling out immutable OIDC subject claims on July 15, 2026, and plenty of posts warn it will break your GitHub Actions to AWS deploys. For existing repositories left alone, it will not. Here is what actually changes, the three things that do flip you to the new format, and how to future-proof your IAM trust policy now.

Read more about GitHub's July 15 OIDC Change Will Not Break Your Existing AWS Deploys
CloudJun 17, 2026

Stay on EKS 1.33 and AWS Starts Billing You 6x From August

Amazon EKS Kubernetes 1.33 leaves standard support on July 29, 2026, and any cluster still on it is enrolled in extended support by default at six times the standard control-plane rate. The hourly charge rises from 0.10 to 0.60 US dollars per cluster, and the standard patch cadence narrows. Fleets with many clusters feel it first.

Read more about Stay on EKS 1.33 and AWS Starts Billing You 6x From August
SecurityJun 16, 2026

OpenSSL 3.0 Stops Getting Security Fixes in September and You Probably Still Ship It

OpenSSL 3.0 stops receiving all fixes, including security fixes, after September 7, 2026, and the 3.4 line follows on October 22. For most teams the distro backports cover it, but self-compiled, vendored, and container-bundled OpenSSL go quietly unpatched. Here is who is actually exposed and how to check.

Read more about OpenSSL 3.0 Stops Getting Security Fixes in September and You Probably Still Ship It
SecurityJun 15, 2026

From September 11 the EU Cyber Resilience Act Puts a 24-Hour Clock on Exploited Vulnerabilities and Most Makers Have No Runbook

From 11 September 2026, Article 14 of the EU Cyber Resilience Act forces makers of products with digital elements to report actively exploited vulnerabilities within 24 hours, with a 72-hour follow-up and a 14-day final report. It is the first binding CRA deadline, and the hard part is operational: detecting, triaging, and filing a conformant report inside a single day.

Read more about From September 11 the EU Cyber Resilience Act Puts a 24-Hour Clock on Exploited Vulnerabilities and Most Makers Have No Runbook
CloudJun 15, 2026

Hetzner More Than Doubled Some Cloud Prices Today And What To Do About It

On June 15, 2026, Hetzner repriced its cloud servers, and the dedicated and AMD shared vCPU lines (CCX, CPX) jumped 113 to 175 percent while the ARM and Intel-shared lines rose about 30 percent. Existing instances are protected, but a rescale reprices you. Here is exactly what changed and what to do.

Read more about Hetzner More Than Doubled Some Cloud Prices Today And What To Do About It
CloudJun 15, 2026

You Can Now Run 200B AI Models On A Desktop Without The Cloud

AMD's Ryzen AI Max+ 395 puts up to 128GB of unified memory in a small desktop, enough to run a 235-billion-parameter model with no cloud. Here is what is real, what is overstated, and when it actually fits your stack.

Read more about You Can Now Run 200B AI Models On A Desktop Without The Cloud
CloudJun 13, 2026

AWS Shuts Down App Mesh for Good on September 30 and Your Service Mesh Goes With It

AWS ends all support for App Mesh on September 30, 2026, after which the console and every App Mesh resource go dark and the Envoy data plane is no longer managed. New onboarding has been blocked since September 24, 2024. For ECS, AWS points to Service Connect; EKS teams have their own path.

Read more about AWS Shuts Down App Mesh for Good on September 30 and Your Service Mesh Goes With It
CloudJun 12, 2026

RDS MySQL 8.0 Leaves Standard Support in July and AWS Auto-Enrolls You Into a Paid Bill

Amazon RDS for MySQL 8.0 reaches end of standard support on July 31, 2026. The next day, AWS automatically enrolls any instance still on 8.0 into paid Extended Support, billed per vCPU-hour, unless you set the disabled lifecycle flag at creation or restore. The fix is an in-place upgrade to MySQL 8.4 before the date.

Read more about RDS MySQL 8.0 Leaves Standard Support in July and AWS Auto-Enrolls You Into a Paid Bill
SecurityJun 10, 2026

An Ansible Privilege Escalation Bug And Who Actually Needs To Worry

CVE-2026-11837, published June 10, 2026, is a local privilege escalation flaw in the Ansible ansible.posix authorized_key module. It is not remote, so the real exposure is narrow. Here is exactly who is at risk and what to do now.

Read more about An Ansible Privilege Escalation Bug And Who Actually Needs To Worry
SecurityJun 9, 2026

npm v12 Will Stop Running Install Scripts By Default So Prepare Your CI

GitHub announced on June 9, 2026 that npm v12, due around July, will stop running preinstall, install, postinstall and prepare scripts by default. It closes the biggest supply-chain hole and it will break some CI builds. Here is how to get ready.

Read more about npm v12 Will Stop Running Install Scripts By Default So Prepare Your CI
SecurityMay 30, 2026

What The New Spectra RCE Means For Multi Author WordPress Sites

Wordfence disclosed CVE-2026-7465 on May 30, 2026, a remote code execution flaw in the Spectra Gutenberg Blocks plugin (versions up to 2.19.25, fixed in 2.19.26). It needs only Contributor access, so the real exposure is sites with open registration or many low-trust authors. Who is at risk and how to close it.

Read more about What The New Spectra RCE Means For Multi Author WordPress Sites
StrategyMay 28, 2026

What Claude Opus 4.8 Changes For DevOps Teams

Anthropic shipped Claude Opus 4.8 on May 28, 2026, with a fourfold reduction in silent code flaws, Dynamic Workflows for parallel subagent orchestration, Effort Control for cost dialing, and pricing parity with 4.7. What it changes for DevOps teams running Claude in CI and dev tooling.

Read more about What Claude Opus 4.8 Changes For DevOps Teams
SecurityMay 22, 2026

How npm's New Staged Publishing Closes the Stolen CI Token Window

npm shipped staged publishing in CLI v11.15.0 on May 22, 2026. Adopted publishes now require a human 2FA approval that no OIDC token, automation token, or stolen CI credential can satisfy. Here is how it works and the CI changes it requires.

Read more about How npm's New Staged Publishing Closes the Stolen CI Token Window
SecurityMay 22, 2026

How a TanStack npm Compromise Got Grafana's GitHub Codebase Stolen

Grafana Labs confirmed that attackers downloaded source code from its GitHub environment after a TanStack npm package compromise leaked one developer's GitHub workflow token. One token missed in the rotation, in one of the better-instrumented companies on the internet.

Read more about How a TanStack npm Compromise Got Grafana's GitHub Codebase Stolen
SecurityMay 21, 2026

TeamPCP Breaches GitHub via Poisoned Nx Console Extension

TeamPCP exfiltrated about 3,800 GitHub-internal repositories after a poisoned Nx Console VS Code extension reached a GitHub employee. The full supply-chain chain, and what to do.

Read more about TeamPCP Breaches GitHub via Poisoned Nx Console Extension
CloudMay 20, 2026

Railway 8-Hour Outage: GCP Auto-Suspended Their Account

Google Cloud auto-suspended Railway's production account on May 19, 2026, taking the platform offline for 8 hours. The cross-cloud dependency lesson, in detail.

Read more about Railway 8-Hour Outage: GCP Auto-Suspended Their Account
SecurityMay 20, 2026

Mini Shai-Hulud Worm Hits Microsoft's durabletask PyPI

TeamPCP's Mini Shai-Hulud worm backdoored durabletask v1.4.1-1.4.3 on PyPI, stealing AWS, GitHub and Vault secrets and spreading via SSM and kubectl exec.

Read more about Mini Shai-Hulud Worm Hits Microsoft's durabletask PyPI