preloader

These news items are automatically aggregated from industry sources and are not individually reviewed. Any inaccuracies are unintentional — let us know and we'll correct or remove it.

devops gitlab cicd security infrastructure europe

GitLab 19.0 Ships Native Secrets Manager and AI-Powered Developer Flow for the Full Merge Request Lifecycle

GitLab 19.0, released May 21 2026, introduces a native Secrets Manager in public beta that scopes credentials per CI/CD job using the same RBAC controls already applied to code. The release also extends AI-powered Developer Flow across the full merge request lifecycle, automating reviewer feedback resolution, conflict handling, and oversized MR splitting without removing humans from the review process.

security devops github vscode cicd europe

One-Click GitHub OAuth Token Theft via github.dev: What Every Developer Needs to Know

Security researcher Ammar Askar disclosed a zero-day in github.dev on June 2, 2026 showing how a single malicious link can steal a developer’s full GitHub OAuth token, granting read and write access to every repository they can reach. Microsoft applied a server-side mitigation the same day, but the vulnerability exposes a structural risk in browser-based development environments that every team using GitHub should understand.

security devops infrastructure nginx apache vulnerability cloud

HTTP/2 Bomb: New DoS Exploit Threatens nginx, Apache, IIS, and Cloudflare Pingora

A newly disclosed denial-of-service exploit called HTTP/2 Bomb can exhaust 32 gigabytes of server memory in under ten seconds, affecting nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. Disclosed on June 3, 2026, the technique requires no authentication and only a single residential internet connection to execute, putting over 880,000 potentially exposed servers at immediate risk.

devops security supply-chain npm aws azure cloud cicd

Miasma Supply Chain Attack Hits 32 Red Hat npm Packages, Steals AWS, Azure, and GCP Credentials

A supply chain attack disclosed on June 1, 2026 compromised 32 official packages in the @redhat-cloud-services npm namespace, distributing a credential-stealing worm that sweeps for AWS, Azure, and GCP keys, GitHub tokens, Kubernetes service account tokens, and .env files. The attack was carried out through a compromised Red Hat employee GitHub account and exploited GitHub Actions OIDC tokens to bypass code review entirely.

security windows vulnerability infrastructure europe enterprise active-directory

Windows Netlogon RCE Actively Exploited: Domain Controllers Across Europe Under Threat

CVE-2026-41089, a CVSS 9.8 stack-based buffer overflow in Windows Netlogon, is being actively exploited in the wild against domain controllers running Windows Server 2012 R2 through 2025. Belgium’s Centre for Cybersecurity issued a public warning on June 1 after confirming active exploitation. No authentication, no local access, and no user interaction are required for a remote attacker to achieve SYSTEM-level code execution on any unpatched domain controller.

security android vulnerability enterprise gdpr europe

Google Patches 124 Android Vulnerabilities Including Actively Exploited Privilege Escalation Zero-Day

Google’s June 2026 Android security update fixes 124 vulnerabilities across Android 14, 15, and 16, including one high-severity zero-day in the Android Framework that is already being exploited in targeted attacks. Organisations running mobile device management programmes should treat this patch cycle with the same urgency as a Windows Patch Tuesday, given the zero-day allows full device compromise without user interaction.

aws ai cloud gdpr europe devops

OpenAI's GPT-5.5 and Codex Land on Amazon Bedrock -- But European Teams Face a Data Residency Gap

Amazon Bedrock reached general availability for OpenAI’s GPT-5.5, GPT-5.4, and Codex on June 1, giving AWS customers access to the most capable OpenAI frontier models through a unified managed platform. The catch for European organisations: all three models are currently only available in US regions, which creates a concrete GDPR data transfer problem for teams processing personal or regulated data through these models.

cloud eu regulation aws azure europe sovereignty

EU Prepares to Restrict US Hyperscalers from Strategic Government Cloud Tenders

The European Commission is presenting its Cloud and AI Development Act (CADA) tomorrow, June 3, with draft rules that could bar Amazon, Google, and Microsoft from competing for sensitive EU public sector contracts in banking, energy, and healthcare. The proposal responds directly to US Cloud Act surveillance concerns and is the most significant sovereign cloud regulatory action the EU has taken since GDPR.

azure microsoft ai devops github europe

Microsoft Build 2026: Project Polaris Replaces GPT-4 Turbo in Copilot, Azure AI Foundry Gains Mistral and Multimodal Support

Microsoft opened its Build 2026 developer conference today with the announcement of Project Polaris – a proprietary mixture-of-experts AI model set to replace GPT-4 Turbo in GitHub Copilot from August 2026. Azure AI Foundry received native multimodal support, a visual RAG designer, and the addition of Mistral AI models, giving European developers a GDPR-friendly EU-origin AI option through an enterprise-grade managed platform.

security espionage azure europe malware threat-intelligence

Operation Dragon Weave: China-Linked Espionage Campaign Hits Czech Republic Using Azure Blob Storage as Covert Command-and-Control

Security researchers at Seqrite have disclosed a sophisticated China-aligned cyber espionage campaign targeting government, research, and technology organisations in the Czech Republic and Taiwan. Dubbed Operation Dragon Weave, the campaign deploys a custom backdoor called AZUREVEIL that uses Microsoft Azure Blob Storage as a dead-drop command-and-control channel – a technique specifically chosen to blend malicious traffic with legitimate cloud service communication.

We’ll help you resolve your infrastructure challenges

Our team of experts is ready to help you with your infrastructure challenges. We’ll give you honest and personal treatment. Get in touch to learn more.

Get in touch!