Image

Sign up for our newsletter!
Stay informed on the latest DevOps news

DevOps.com

IT as Code

CISA, secure by design, ReversingLabs, open-source, AI, cybersecurity, tooling, CISA Security Scribe ReversingLabs software supply chain cybersecurity - software supply chain security - risks - cyberattacks - Log4J - vulnerabilities

‘PackageGate’ Vulnerabilities Can Let Attackers Bypass Shai-Hulud Defenses

| | Aikido Security, Bun, Git dependency, github, Koi Security, microsoft, npm registry, PhantomRaven, PNPM, remote code execution, Shai-Hulud worm, supply chain attack, VLT
In the wake of the massive Shai-Hulud supply chain attack that ripped through npm late last year and compromised more than 700 packages and exposed 25,000 repositories, developers in the JavaScript world ...
From Reactive to Predictive: Capacity Planning Systems That Actually Work

From Reactive to Predictive: Capacity Planning Systems That Actually Work

| | capacity planning, cloud infrastructure, Predictive Analytics, reliability engineering, scaling
I used to think capacity planning was about setting up CloudWatch alarms and hoping they'd fire before things broke. Spoiler: that's not capacity planning—that's just reactive firefighting with extra steps. Real capacity ...
CISA, secure by design, ReversingLabs, open-source, AI, cybersecurity, tooling, CISA Security Scribe ReversingLabs software supply chain cybersecurity - software supply chain security - risks - cyberattacks - Log4J - vulnerabilities

Attackers Testing New Strain of Shai-Hulud on npm: Aikido

| | Aikido Security, GitHub repositories, information stealing, JavaScript, leaked secrets, npm registry, Shai-Hulud worm
Threat actors behind the virulent Shai-Hulud worm that wreaked havoc in open npm repositories toward the end of 2025 apparently are trying out a new strain that comes with slight modifications. Security ...

Observability, SRE and Uptime in Telehealth Platforms: A DevOps Playbook

| | cloud infrastructure, devops, incident management, observability, Patient Data Security, resilience engineering, site reliability engineering, Telehealth
Virtual care went from nice to have to must have during the COVID-19 pandemic and while in-person visits are starting to pick up again, telemedicine is here to stay. Its growth will ...
Crates.io Removes Malicious Rust Package Targeting Web3 Developers

Crates.io Removes Malicious Rust Package Targeting Web3 Developers

| | cryptocurrency, Cybersecurity, Ethereum Virtual Machine, Rust programming, supply chain attack
A malicious Rust package that was found to be downloading payloads aimed at stealing cryptocurrency was removed from the crates.io Rust package registry, along with another package by the same author that ...
System Initiative Extends Reach of IT Infrastructure Automation Platform

System Initiative Extends Reach of IT Infrastructure Automation Platform

| | automation, Cloud Computing, IT infrastructure, System Initiative
System Initiative today revealed it is now extending the reach of its digital twin platform for automating the management of IT infrastructure to any cloud computing environment, including now out-of-the-box support for ...
Massive VS Code Secrets Leak Puts Focus on Extensions, AI: Wiz

Massive VS Code Secrets Leak Puts Focus on Extensions, AI: Wiz

| | exposed secrets, extensions leak, Microsoft Visual Studio, OpenVSX, VS Code, Wiz
Researchers with cybersecurity firm Wiz earlier this year discovered, almost by chance, a significant supply chain risk and massive secrets leak in the Visual Studio Code and OpenVSX marketplaces that they said ...
finops, cost, finance, finops, cloud, cost, cloud costs, AWS, engineering, AWS multi-cloud challenges, multi-cloud, costs, CloudBolt FinOps Grafana observability Vega Cloud cost multi-cloud FinOps governance cost-efficient Multi-Cloud Cost Optimization

The Leadership Mindset for Sustainable DevOps Cost Optimization

| | cloud cost management, Cost transparency in DevOps, DevOps cost optimization, Engineering leadership, Sustainable DevOps practices
From seeing costs as an external burden imposed by finance to recognizing them as an integral signal of engineering health ...
Spacelift Adds On-Premises Edition of Infrastructure Management Platform

Spacelift Adds On-Premises Edition of Infrastructure Management Platform

| | ai, infrastructure management, it, Spacelift
Spacelift has made available an on-premises edition of a platform for automating the provisioning and management of IT infrastructure that previously was only accessible via a software-as-a-service application. Company CEO Pawel Hytry ...
Typosquat Supply Chain Attack Targets Go Developers

Typosquat Supply Chain Attack Targets Go Developers

| | GitHub repositories, Golang, malicious code, software supply chain attacks
A backdoor that impersonates a widely used database module in the popular Go programming language can give hackers control of infected systems, according to a senior threat intelligence analyst with developer-focused platform ...
CISA, security, Salesforce Cybersecurity, API security, DevSecOps

CISA Pushes Steps to Better Secure Software and Product Designs

| | CISA, Cybersecurity, secure software development
The country’s top cybersecurity agency is urging developers to take steps to ensure the software they’re building and the products they roll out are secure and protect end users. The Cybersecurity and ...
Google, code signing, trust, CodeRabbit, code, GenAI, Quali, Torque, code, Symbiotic, application developers, Zencoder, code, operations, code, commit, developer, mainframe, code, GenAI; code review efficiency cloud development

Operations as Code: Transforming Operational Excellence

| | IaC, operations, operations as code
The push toward digital transformation and cloud-native infrastructure is inevitable. This shift brings the need to manage operations with the same rigor and automation we apply to infrastructure or security. Many organizations ...
Show More