These news items are automatically aggregated from industry sources and are not individually reviewed. Any inaccuracies are unintentional — let us know and we'll correct or remove it.
GitLab 19.0, released May 21, 2026, introduces a native Secrets Manager in public beta that scopes credentials per CI/CD job using the same RBAC controls already applied to code. The release also extends AI-powered Developer Flow across the full merge request lifecycle, automating reviewer feedback resolution, conflict handling, and oversized MR splitting without removing humans from the review process.
Security researcher Ammar Askar disclosed a zero-day in github.dev on June 2, 2026 showing how a single malicious link can steal a developer’s full GitHub OAuth token, granting read and write access to every repository they can reach. Microsoft applied a server-side mitigation the same day, but the vulnerability exposes a structural risk in browser-based development environments that every team using GitHub should understand.
A newly disclosed denial-of-service exploit called HTTP/2 Bomb can exhaust 32 gigabytes of server memory in under ten seconds, affecting nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora. Disclosed on June 3, 2026, the technique requires no authentication and only a single residential internet connection to execute, putting over 880,000 potentially exposed servers at immediate risk.
A supply chain attack disclosed on June 1, 2026 compromised 32 official packages in the @redhat-cloud-services npm namespace, distributing a credential-stealing worm that sweeps for AWS, Azure, and GCP keys, GitHub tokens, Kubernetes service account tokens, and .env files. The attack was carried out through a compromised Red Hat employee GitHub account and exploited GitHub Actions OIDC tokens to bypass code review entirely.
CVE-2026-41089, a CVSS 9.8 stack-based buffer overflow in Windows Netlogon, is being actively exploited in the wild against domain controllers running Windows Server 2012 R2 through 2025. Belgium’s Centre for Cybersecurity issued a public warning on June 1 after confirming active exploitation. No authentication, no local access, and no user interaction are required for a remote attacker to achieve SYSTEM-level code execution on any unpatched domain controller.
Google’s June 2026 Android security update fixes 124 vulnerabilities across Android 14, 15, and 16, including one high-severity zero-day in the Android Framework that is already being exploited in targeted attacks. Organisations running mobile device management programmes should treat this patch cycle with the same urgency as a Windows Patch Tuesday, given the zero-day allows full device compromise without user interaction.
Amazon Bedrock reached general availability for OpenAI’s GPT-5.5, GPT-5.4, and Codex on June 1, giving AWS customers access to the most capable OpenAI frontier models through a unified managed platform. The catch for European organisations: all three models are currently only available in US regions, which creates a concrete GDPR data transfer problem for teams processing personal or regulated data through these models.
The European Commission is presenting its Cloud and AI Development Act (CADA) tomorrow, June 3, with draft rules that could bar Amazon, Google, and Microsoft from competing for sensitive EU public sector contracts in banking, energy, and healthcare. The proposal responds directly to US Cloud Act surveillance concerns and is the most significant sovereign cloud regulatory action the EU has taken since GDPR.
Microsoft opened its Build 2026 developer conference today with the announcement of Project Polaris – a proprietary mixture-of-experts AI model set to replace GPT-4 Turbo in GitHub Copilot from August 2026. Azure AI Foundry received native multimodal support, a visual RAG designer, and the addition of Mistral AI models, giving European developers a GDPR-friendly EU-origin AI option through an enterprise-grade managed platform.
Security researchers at Seqrite have disclosed a sophisticated China-aligned cyber espionage campaign targeting government, research, and technology organisations in the Czech Republic and Taiwan. Dubbed Operation Dragon Weave, the campaign deploys a custom backdoor called AZUREVEIL that uses Microsoft Azure Blob Storage as a dead-drop command-and-control channel – a technique specifically chosen to blend malicious traffic with legitimate cloud service communication.