CI/CD News
Weekly CI/CD news for operators — GitHub Actions and GitLab CI changes, Argo and Jenkins releases, runner advisories, and the pipeline outages that cost you a green build.
About CI/CD News
CI/CD is the part of the platform everyone depends on and nobody budgets for until it breaks. On Call Brief tracks the pipeline stories that matter to the people maintaining them: GitHub Actions and GitLab CI changes and outages, Argo and Jenkins releases, runner security advisories, and the deployment-tooling shifts that quietly change how your team ships.
Each brief below gathers the week's CI/CD news with the operational angle front and center — what changed in the pipeline layer, and whether it's going to cost you a green build on Monday.
CI/CD in recent briefs
On Call Brief – Week of July 5–11, 2026
JadePuffer Demonstrates How AI Agents Can Automate Ransomware Attack; Microsoft, Google and Cloudflare just made 2029 the new quantum deadline; Cloudflare: 2 service incidents (Issues with…
On Call Brief – Week of June 28 – July 4, 2026
Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer; Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools;…
On Call Brief – Week of June 21–27, 2026
I discovered a large-scale malware distribution on GitHub; Rokarolla Android Banking Trojan Turns Smartphones Into Weapons Against Users; MSG Breach: Knicks Take the NBA Championship, ShinyHunters…
On Call Brief – Week of June 14–20, 2026
ServiceNow Fixes Flaw That Could Lead to Unauthorized Access to Instances; ShinyHunters Secret to Success: Breaking the Trust Barrier; GitHub Removes PAT Requirement for Agentic Workflows…
On Call Brief – Week of June 7–13, 2026
Over 20,000 Instagram accounts stolen in Meta AI support hack; A postmortem of our May 7, 2026 outage; Holy git! Microsoft code-sharing site suffers downtime, despite…
On Call Brief – Week of May 31 – June 6, 2026
The 28-Hour Meltdown: What Happened When AWS US-EAST-1 Overheated; Google Cloud Suspends Railway's Production Account; AWS Organizations emits CloudTrail events for account membership changes - Only…
On Call Brief – Week of May 24–30, 2026
DevOps'ish 310: The Breaches Are Coming From Inside the Extension Store; The War Between Wars: How an IRGC Front Runs Destructive OT and IT Attacks Under…
On Call Brief – Week of May 17–23, 2026
CISA Credentials, Sensitive Data Exposed in GitHub Repository; GitHub Breach Tied to Malicious VS Code Extension Exposes Thousands of Internal Repositories; Researcher says Microsoft secretly built…
On Call Brief – Week of May 10–16, 2026
EdTech Firm Instructure Pays Ransom as U.S. House Starts Investigation; Instructure Pays Ransom to Canvas Hackers; Cloudflare: 12 Scheduled Maintenance Windows (Network Performance Issues, Los Angeles,…
On Call Brief – Week of May 3–9, 2026
How a Cursor AI agent wiped PocketOS’s production database in under 10 seconds; When DNSSEC goes wrong: how we responded to the .de TLD outage; Argo…
On Call Brief – Week of April 26 – May 2, 2026
Microsoft Outlook for iOS still down and out for many after 'service change'; GitHub Faces Scaling Issues as AI Development Surges; China-Backed Groups Are Using Massive…
On Call Brief – Week of April 19–25, 2026
Everyone Wants Servers And Nobody Wants Servers; ingress-nginx to Envoy Gateway migration on CNCF internal services cluster; Cloudflare: 8 Scheduled Maintenance Windows (Sydney, Salt Lake City,…
On Call Brief – Week of April 12–18, 2026
A guide to the breaking changes in GitLab 19.0; 76 The Cost of Assumptions ⚡; Ashby taught us we have to fight fire with fire
On Call Brief – Week of April 5–11, 2026
GitHub availability report: March 2026; Another One Bites the Dust: What the CDKTF Deprecation Means for You; Dutch healthcare software vendor goes dark after ransomware attack
On Call Brief – Week of March 29 – April 4, 2026
Trivy Supply Chain Attack Hits Docker Images in TeamPCP Campaign; Building SRE Error Budgets for AI/ML Workloads: A Practical Framework; LAX (Los Angeles) on 2026-03-30
On Call Brief – Week of March 22–28, 2026
Another One Bites the Dust: What the CDKTF Deprecation Means for You; Windows Server 2025 SMB SID hardening is beachballing legacy clients; DevOps'ish 301: Super Micro…
On Call Brief – Week of March 15–21, 2026
Major Breach — McKinsey's Lilli AI system compromised in under two hours, exposing millions of confidential client; Perplexity's Personal Computer system and Mistral's zero-exposure training address…
On Call Brief – Week of March 8–14, 2026
Policy in Bedrock AgentCore is now GA; Accelerate Lambda durable functions development with new Kiro power - AWS; 👀 Claude Code now runs while you sleep
On Call Brief – Week of March 1–7, 2026
[Last Week in AWS] Issue #460: Bedrock Throttling Guide: AWS Publishes Its Own Roast; What Google Cloud announced in AI this month; What’s new with Google…
On Call Brief – Week of February 22–28, 2026
Perplexity Computer 💻, DeepSeek withholds v4 🐋, Cowork scheduled tasks 💼; Claude Cowork updates 💼, KiloClaw agents ⚡, intelligence yield 🧠; CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 - runc…
On Call Brief – Week of February 15–21, 2026
[Last Week in AWS] Issue #460: Bedrock Throttling Guide: AWS Publishes Its Own Roast; [Last Week in AWS] Issue #460: Bedrock Throttling Guide: AWS Publishes Its…
On Call Brief – Week of February 8–14, 2026
Signal Outage [Ongoing]; Hetzner Outage; Privilege Escalation in Aurora PostgreSQL using AWS JDBC Wrapper, AWS Go Wrapper, AWS NodeJS Wrapper, AWS Python Wrapper, AWS PGSQL ODBC…
From the podcast
Prefer to listen? Ship It Weekly is our companion DevOps & SRE podcast.
Frequently asked questions
What does CI/CD News cover?
The pipeline stories that matter to the people maintaining them — GitHub Actions and GitLab CI changes and outages, Argo and Jenkins releases, runner security advisories, and the deployment-tooling shifts that quietly change how your team ships.
Who is it for?
The engineers who own the pipeline layer and feel it first when a green build on Monday is suddenly at risk.
How are briefs selected?
Briefs are matched automatically when they cover CI/CD topics, so the hub reflects the latest weekly issues.
Does it cover runner and supply-chain security?
Yes — runner advisories and pipeline security changes are part of the coverage, with the operational angle front and center.
How do I subscribe?
Use the subscribe form on this page for one short weekly email on the CI/CD change worth knowing about.