CI/CD security
(7 articles)
May 22, 2026
Megalodon GitHub Attack Hits 5,561 Repos via CI/CD
The Megalodon GitHub attack injected malicious CI/CD workflows into 5,561 repos. Learn how it works and how to protect your pipelines now.
May 19, 2026
GitHub Action Tags Hijacked to Steal CI/CD Secrets
Popular GitHub Action tags were redirected to imposter commits designed to steal CI/CD credentials. Here's how the attack works and how to protect your pipelines.
May 13, 2026
Attack Paths Across Code, Pipelines, and Cloud
Modern attack paths now cross code, CI/CD pipelines, and cloud infra. Learn how these multi-layer threats work and what developers can do to stop them.
May 11, 2026
Checkmarx Jenkins Plugin Hit in Supply Chain Attack
TeamPCP compromised the Checkmarx Jenkins AST Plugin weeks after the KICS supply chain attack. Here's what developers need to know to protect their pipelines.

April 30, 2026
Google Fixes CVSS 10 Gemini CLI RCE and Cursor Flaws
Google patched critical CVSS 10 RCE flaws in Gemini CLI and Cursor. Here's what developers need to know about the CI pipeline code execution risk.

March 24, 2026
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
TeamPCP compromised Checkmarx GitHub Actions pipelines using stolen CI credentials - here is what happened and how to lock down your own pipelines.

March 23, 2026
Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More
This week: a CI/CD pipeline backdoor shakes DevSecOps, the FBI quietly buys location data, and WhatsApp drops phone number IDs. Here's what developers need to know.