On Call Brief – Week of June 28 – July 4, 2026
This week's top stories
1. Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer
- Category: Deep Dive
- What happened: Researchers found hijacked npm and Go packages that deploy a Python-based information stealer on Windows, Linux, and macOS. The attack circumvents common npm execution paths to evade security measures introduced in npm v12.
- Takeaway: This incident highlights the risk of using compromised packages in software supply chains, potentially affecting applications that rely on these npm and Go packages - organizations should review their package dependencies and implement security measures to mitigate such risks.
- Source: Thehackernews via The Hacker News (security)
2. Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools
- Category: Community
- What happened: Apple has released security updates for iOS, iPadOS, macOS, and Safari to address four WebKit vulnerabilities. The company utilized AI tools to identify these flaws and expedited the fixes due to the rapid development of exploits from known vulnerabilities.
- Worth reading: These updates are critical for maintaining the security of devices running iOS, iPadOS, macOS, and Safari, as the vulnerabilities could be exploited if not patched.
- Source: Securityaffairs via TLDR Dev
3. Apple Speeds iPhone Security Patches to Counter AI-Driven Hacking Threats
- Category: Community
- What happened: Apple has released iOS 26.5.2 and iPadOS 26.5.2 with approximately 30 security fixes in response to emerging AI-driven hacking threats, representing an accelerated departure from their typical software release cadence according to Security Boulevard. Organizations managing iOS and iPadOS devices should prioritize deployment of these updates through their Mobile Device Management (MDM) systems to address the vulnerabilities being actively exploited by AI-enhanced attack techniques. SRE teams responsible for mobile device fleets should verify update completion across all managed devices and monitor for any deployment issues that might leave devices exposed. While specific CVE numbers were not provided in the initial reports, the urgency and volume of fixes (nearly 30) indicate significant security risks that warrant immediate attention.
- Worth reading: The rapid deployment of these security patches suggests an increased risk of exploitation from AI-driven attacks, which could affect the security posture of devices in production environments. Operators should ensure that devices are updated promptly to mitigate these risks.
- Sources: Security Boulevard Newsletters
4. Amazon CloudWatch launches OTel Container Insights for Amazon EKS - Embracing OpenTelemetry while routing every
- Category: Community
- What happened: Amazon CloudWatch has introduced OTel Container Insights for Amazon EKS, integrating OpenTelemetry for enhanced metric collection. However, the billing model based on metrics per region may lead to high costs at scale, raising concerns about the financial implications of using this feature.
- Worth reading: The new billing model for metrics could significantly increase costs for teams using Amazon EKS at scale, necessitating careful monitoring of usage to avoid unexpected charges.
- Source: AWS via Last Week in AWS
5. Automate public TLS certificate issuance with ACME support in AWS Certificate Manager
- Category: Community
- What happened: The article discusses the new feature in AWS Certificate Manager that allows for the automation of public TLS certificate issuance using ACME protocol support. This enhancement simplifies the process of obtaining and managing TLS certificates, making it easier for users to secure their applications.
- Worth reading: This change could significantly streamline the process of managing TLS certificates in AWS, reducing manual overhead and potential errors in certificate management - it is particularly relevant for teams using AWS for their services.
- Source: AWS via TLDR DevOps
6. Run isolated sandboxes with full lifecycle control: AWS Lambda introduces MicroVMs
- Category: Community
- What happened: AWS Lambda has implemented Firecracker-based MicroVMs to provide isolated sandboxes with full lifecycle control for function execution, according to Last Week in AWS. This architecture change enhances security and resource management by improving isolation for untrusted code execution within Lambda functions. SRE teams should note that this represents an infrastructure-level improvement to Lambda's existing execution model and does not require immediate action, though it may affect how operators think about Lambda's isolation boundaries and security posture. The third item appears to be unrelated content about customs modernization and should be disregarded as likely a feed error or misattribution.
- Worth reading: The introduction of MicroVMs may affect how Lambda functions are managed and executed, potentially improving security and performance. Operators should evaluate how this change could optimize their serverless architecture.
- Sources: AWS via Last Week in AWS
7. OnyxC2 Stealer Targets Wide Range of Apps, Evades Detection by Hiding in Oversized NVIDIA Library
- Category: Community
- What happened: OnyxC2, a newly identified malware-as-a-service tool, targets credentials from over 210 applications and browser extensions by concealing its payload within an oversized NVIDIA library file to evade security scanning tools. The stealer operates as a commercial service available to attackers and represents a significant supply chain risk for organizations using legitimate NVIDIA components. SRE teams should review endpoint detection rules to flag unusually large NVIDIA library files, audit systems for unexpected credential access patterns across multiple applications, and verify the integrity of NVIDIA driver packages through official checksums. Organizations should also implement application allowlisting and monitor for suspicious process behavior associated with legitimate-looking NVIDIA library names that exceed normal file size parameters.
- Worth reading: The widespread targeting of applications by OnyxC2 could lead to credential theft and unauthorized access, impacting security protocols and requiring immediate attention to application security measures.
- Sources: Security Boulevard Newsletters
8. ▶ Bespoke Kill Chains and the End of Signature-Based Email Security
- Category: Community
- What happened: Attackers are increasingly deploying AI-generated, highly personalized email attack chains that evade traditional signature-based email security systems by creating unique lures for each target, according to Techstrong Brief reporting. These bespoke kill chains fundamentally undermine signature-based detection which relies on identifying known attack patterns across multiple instances, rendering traditional email security controls ineffective against per-target customization. SRE and DevOps teams should evaluate their email security posture to ensure defenses include behavioral analysis, anomaly detection, and AI-powered threat detection capabilities rather than relying solely on signature matching. Organizations should also review security awareness training to address the increased sophistication of targeted phishing attempts that may appear more legitimate due to AI-enhanced personalization. This represents a shift in the threat landscape where economies of scale no longer apply to attackers leveraging generative AI for campaign creation.
- Worth reading: Organizations relying on signature-based email security may face increased risks as attackers adapt their strategies, making it crucial to explore alternative security measures that can address these sophisticated threats.
- Sources: Techstrong Brief
9. By Teri Robinson • July 01, 2026
- Category: Community
- What happened: The EvilTokens campaign represents a 1,380% surge in device code phishing attacks that leverage AI to generate unique phishing lures, which defeats traditional pattern-based detection methods according to Security Boulevard. These attacks exploit OAuth device authorization flows where attackers trick users into entering codes on legitimate authentication pages, allowing credential theft without triggering typical phishing defenses. SRE and DevOps teams should review device code authentication flows in their environments, implement stricter monitoring of OAuth device code grant usage patterns, and consider deploying behavioral analysis tools that can detect anomalous authentication attempts beyond simple signature matching. Organizations relying on device code flows for CLI tools, IoT devices, or headless systems should prioritize user education about verifying the source of device code requests and implement additional verification steps before code entry.
- Worth reading: The rise in unique phishing attacks driven by AI could lead to increased security incidents, requiring teams to enhance their detection and response strategies to mitigate risks associated with these evolving threats.
- Sources: Security Boulevard Newsletters
10. AWS Launches Forward Deployed Engineering Team to Speed AI Adoption
- Category: Community
- What happened: AWS has announced a $1 billion investment to establish a Forward Deployed Engineering (FDE) organization that will embed AI engineers directly within customer organizations to accelerate production AI deployments. This new team will provide on-site expertise to help companies overcome implementation challenges and move AI projects from development to production more rapidly. For SRE teams currently struggling with AI workload deployment or scaling, this represents a potential resource for obtaining AWS engineering support beyond traditional TAM relationships, particularly for organizations facing skills gaps in productionizing machine learning systems. Operators working on AI infrastructure should monitor AWS announcements for details on how to request FDE engagement and what eligibility criteria or commitment levels may be required. This initiative signals AWS's recognition that AI adoption is bottlenecked by implementation expertise rather than just tooling availability, which may influence how teams approach build-versus-buy decisions for AI platform capabilities.
- Worth reading: This move could significantly affect production environments as it provides direct access to AI expertise, potentially accelerating AI project implementations and improving operational efficiency for AWS customers.
- Sources: Techstrong.ai
CVE & Security
1. Attackers Exploit SimpleHelp Flaw to Steal Info from AI Coding Assistants, Clouds
- Category: Security / Patch
- What happened: Attackers are exploiting a critical authentication bypass vulnerability in SimpleHelp software, tracked as CVE-2026-48558, to deploy malware that steals sensitive data from AI coding assistants and cloud services. The malware, Djinn Stealer, can access a wide range of developer information, including tokens from AI tools, GitHub CLI data, and Docker authentication, potentially compromising entire development pipelines.
- Do this Monday: This vulnerability poses a significant risk to organizations using SimpleHelp, as it allows attackers to gain unauthorized access to sensitive developer data and credentials, which could lead to broader security breaches across systems and services.
- Source: DevOps.com
2. CVE-2026-12957 and CVE-2026-12958 - Issues in Language Servers for AWS and Amazon Q Developer Plugins - Your AI
- Category: Security / Patch
- What happened: Amazon Web Services disclosed two critical vulnerabilities, CVE-2026-12957 and CVE-2026-12958, affecting Language Servers for AWS and Amazon Q Developer Plugins that permit arbitrary command execution from any workspace without available workarounds. Operators must immediately upgrade affected plugins and language servers to patched versions, as these vulnerabilities present significant supply chain risk through development tool compromise. Separately, AWS published its June 2026 Threat Technique Catalog update adding five new attack techniques related to container security, including methods for modifying Amazon EKS workloads, exploiting public resources, and abusing organization-level trust relationships for compute hijacking. SRE teams should review the new catalog entries to validate existing detection rules and security controls cover these emerging attack patterns, particularly around EKS workload integrity monitoring and cross-account trust boundaries. The combination of actively exploitable developer tool vulnerabilities and newly documented container attack techniques requires coordinated response across both developer workstation security and production infrastructure controls.
- Do this Monday: These vulnerabilities could lead to unauthorized command execution, posing a significant security risk. Immediate upgrades are necessary to mitigate potential exploitation.
- Sources: AWS via Last Week in AWS, AWS Security Blog
3. CVE-2026-13762 and CVE-2026-13763 - Issue with HTTP/2 multi-frame request body inspection in AWS WAF
- Category: Security / Patch
- What happened: AWS identified two vulnerabilities, CVE-2026-13762 and CVE-2026-13763, affecting HTTP/2 multi-frame request body inspection in AWS WAF. CVE-2026-13762, which impacts WAF with CloudFront, has been remediated server-side with no action needed from customers. CVE-2026-13763 affects WAF with AWS Application Load Balancer, where a crafted HTTP/2 request could lead to incomplete request body inspection. This issue has been addressed, and customers should configure WAF settings to ensure full protection.
- Do this Monday: Operators using AWS WAF with Application Load Balancer should review their configuration to ensure proper inspection of HTTP/2 request bodies to mitigate the risk associated with CVE-2026-13763. No action is needed for those using WAF with CloudFront.
- Source: AWS Security Bulletins
4. Data breach exposes up to 14.2 million email logins at six ISPs
- Category: Security / Patch
- What happened: KDDI Corporation reported a data breach affecting its email system, which is shared with five other ISPs, potentially exposing up to 14.2 million email logins. The breach highlights vulnerabilities in shared systems among ISPs.
- Do this Monday: This incident raises concerns about the security of shared email systems and the potential for widespread credential theft, which could affect user accounts across multiple ISPs.
- Source: Bleeping Computer
5. Survey Surfaces Rise in IT Incidents Attributable to AI Coding Tools
- Category: Security / Patch
- What happened: A survey of IT decision makers reveals that 93% of organizations have faced infrastructure incidents due to AI coding tools. The findings indicate that AI has increased demands on infrastructure teams, with 40% reporting faster security vulnerabilities and governance challenges. Despite 86% expressing confidence in their AI governance capabilities, only 30% have formal policies in place. Alarmingly, one-third of infrastructure teams apply AI-generated code directly to production without review, raising concerns about security vulnerabilities and misconfigurations.
- Do this Monday: The reliance on AI-generated code without adequate review processes may lead to increased security vulnerabilities and operational incidents. Organizations should consider implementing stronger governance policies and review mechanisms for AI-generated infrastructure code to mitigate risks.
- Source: DevOps.com
Releases
1. Triton Inference Server: 2.70.0, 2.69.0
- Category: Release
- What happened: NVIDIA Triton Inference Server released versions 2.69.0 (NGC container 26.05) and 2.70.0 (NGC container 26.06) with significant changes that operators should evaluate before upgrading. Version 2.69.0 adds request cancellation support in the gRPC C++ client, improved memory management, and Azure Managed Identity authentication for Azure Storage mounts. Version 2.70.0 introduces breaking changes including the removal of deprecated Windows support and a new requirement for BF16 input/output tensor handling in the Python client, along with enhanced multi-device inference capabilities. Operators running Windows deployments must remain on 2.69.0 or earlier, while those using the Python client should test BF16 tensor handling compatibility before upgrading to 2.70.0.
- Do this Monday: The removal of Windows support may affect users relying on that platform. The change in BF16 handling requires updates to existing scripts, which could lead to runtime errors if not addressed. The security enhancements are crucial for maintaining a secure inference environment. Users should be aware of the known issues that may impact deployment stability.
- Sources: Triton Inference Server releases
2. Announcing Valkey 9.1 for Amazon ElastiCache
- Category: Release
- What happened: Amazon ElastiCache now supports Valkey 9.1, which introduces enhancements aimed at improving throughput, memory efficiency, and operational workflows for in-memory workloads. Key features include a redesigned I/O threading model that boosts performance, new commands for easier application management, and observability improvements for better engine visibility. The update is particularly beneficial for large-scale deployments, as it can lead to significant cost savings and improved performance metrics.
- Do this Monday: The introduction of Valkey 9.1 could lead to better resource utilization and cost savings for teams using ElastiCache, especially for those managing high-throughput and latency-sensitive applications. The performance improvements may allow for reduced infrastructure costs and delayed scaling events, which could impact budgeting and resource planning.
- Source: AWS Database Blog
3. Building fault-tolerant multi-agent AI workflows with AWS Lambda durable functions
- Category: Release
- What happened: AWS has introduced new capabilities for building and managing AI-driven workflows, including AWS Lambda durable functions for fault-tolerant multi-agent AI systems and Amazon Connect's new Agentic CX designer (AWS Compute Blog, AWS What's New). The Lambda durable functions approach enables developers to orchestrate complex AI workflows, such as healthcare prior authorization processes, with built-in fault tolerance and state management. For operators using Amazon Connect, the Agentic CX designer provides a no-code interface that allows business teams to design, test, and deploy AI-powered customer experiences across voice and digital channels without engineering involvement. SREs managing customer experience platforms or AI-driven workflows should evaluate these capabilities to reduce operational complexity and enable faster iteration on AI-powered services. Additionally, AWS announced EC2 AMI Watermarks and Open Governance for MySQL features in the same June 29, 2026 roundup, though specific details were not provided in the source material.
- Do this Monday: Implementing AWS Lambda durable functions could significantly improve the efficiency and reliability of multi-agent workflows in production environments, particularly in sectors like healthcare where prior authorization processes are critical. This change may reduce operational overhead and enhance fault tolerance.
- Sources: AWS Compute Blog, AWS What's New
4. Okta is the first to bring AI agent governance inside FedRAMP boundaries
- Category: Release
- What happened: Okta has launched its AI agent governance platform for FedRAMP and HIPAA-regulated environments, positioning itself as the first independent identity platform to manage AI agents alongside human and machine identities. This initiative responds to federal mandates for AI adoption and security, emphasizing the need for visibility and control over AI agents to mitigate risks such as compliance violations and security breaches. The platform introduces governance measures that ensure agents are registered, owned, and operate under strict access controls, replacing static credentials with dynamic, scoped tokens.
- Do this Monday: The introduction of Okta's AI agent governance could significantly affect organizations operating under federal regulations by providing a structured approach to managing AI agents. This could help mitigate risks associated with ungoverned agents, such as compliance violations and security breaches, making it crucial for agencies to adopt these governance practices to enhance their security posture.
- Source: The New Stack
5. Bamboo to Bitbucket Pipelines migration tool is now GA
- Category: Release
- What happened: The Bamboo to Bitbucket Pipelines migration tool has reached general availability, enhancing its capabilities for users transitioning from Bamboo to Bitbucket. Key features include automatic conversion of Bamboo Deployment Projects into custom pipelines, support for custom transformers via Python scripts, instance-level migration for all build plans and deployment projects, and improved audit reporting for unsupported tasks. The migration aims to reduce operational overhead and costs while providing a fully managed CI/CD platform.
- Do this Monday: The availability of this migration tool may affect teams currently using Bamboo by simplifying their transition to a cloud-native CI/CD solution, potentially leading to reduced operational costs and improved productivity.
- Source: Atlassian Engineering
6. China Announces Its Answer to Mythos With Its Own Cyber Weapon of Mass Destruction
- Category: Release
- What happened: Qihoo 360, a Chinese AI company, has announced the development of Tulongfeng, an AI system that aims to compete with Anthropic's Mythos in detecting cybersecurity vulnerabilities. The CEO likened the race for AI vulnerability detection to a nuclear arms race, suggesting that nations lacking such capabilities will be at a disadvantage. While Tulongfeng's capabilities have not been independently verified, it is claimed to have discovered over 3000 vulnerabilities, many classified as high risk. This development raises concerns about the potential for AI to be used as a weapon of mass destruction in cyber warfare.
- Do this Monday: The emergence of Tulongfeng could significantly alter the landscape of cybersecurity, as it may enable adversaries to exploit vulnerabilities in critical infrastructure. Organizations should be aware of the potential for increased cyber threats and the need for enhanced security measures in response to advancements in AI vulnerability detection.
- Source: Security Boulevard (FeedBurner mirror)
Lightning links
- Lessons learned from scaling to 1 million Lambda functions (AWS Architecture Blog) -- Discover key insights from scaling a serverless platform to over one million AWS Lambda functions.
- Dragonfly v2.5.0 is released (TLDR DevOps) -- The latest Dragonfly release enhances performance and stability for image distribution.
- Highlights from Git 2.55 (GitHub Blog) -- Git 2.55 introduces new features and bug fixes, enhancing version control capabilities.
- How We Brought Enterprise-Managed Authorization to Rovo MCP (Atlassian Engineering) -- Atlassian's new centralized access management improves security and client management.
- Eliya 25 Brings a JVM-Level Diagnostic Profile to OpenJDK 25 LTS (InfoQ DevOps) -- Eliya 25 enhances Java diagnostics, improving production environments.
- 13.0.3 (Grafana releases) (Grafana releases) -- Grafana 13.0.3 brings enhancements for Docker images and dashboard provisioning.
- Restrict issue creation to collaborators only (GitHub Changelog) -- GitHub now allows repository admins to limit issue creation to collaborators, enhancing control.
- The Role of Static Code Analysis in Fintech Compliance (JetBrains Blog) -- Static code analysis is crucial for compliance in fintech, mitigating security risks.
- Agentic AI Is Eating Your Engineering Org (dev.to (DevOps tag)) -- Explore the challenges and risks associated with the rapid adoption of AI agents in organizations.
- Preventing data exfiltration in machine learning environments with Amazon SageMaker AI (AWS Architecture Blog) -- Learn how to secure sensitive data in AI environments while enabling data science workflows.
Human Stories
The arms race has entered a new phase, and it's showing up in opposing mirror images across our threat landscape. Apple is openly using AI tools to identify WebKit vulnerabilities and accelerate patches against AI-driven attacks, while on the flip side, threat actors are evolving techniques like OnyxC2's oversized NVIDIA library camouflage and the VS Code task hijacking in npm packages that specifically target our blind spots in detection tooling. What strikes me most is how the infrastructure we depend on - Lambda's new MicroVM architecture, CloudWatch's OTel integration, even AWS Certificate Manager's ACME support - is being hardened and automated at the same moment attackers are automating their exploitation chains. The uncomfortable truth is that both sides are solving for speed and scale simultaneously, which means our traditional "patch Tuesday" cadence and manual security reviews are becoming relics of a slower era we can't afford to romanticize anymore.
Also worth reading
Claude Code Incidents — June 2026: what silently broke, and the one-line fixes (dev.to (DevOps tag))
The article reviews several incidents involving Claude Code that occurred in June 2026, highlighting issues that led to data loss, unexpected costs, and silent failures. Each incident includes a brief description of what went wrong and a suggested one-line fix to mitigate the issue. Examples include
Lessons learned from scaling to 1 million Lambda functions (AWS Architecture Blog)
The article discusses the lessons learned from scaling a serverless SaaS platform to over one million AWS Lambda functions. It emphasizes the importance of true scale-to-zero, effective quota management, and early engagement with AWS service teams to prevent outages. The authors describe their archi
Agentic AI Is Eating Your Engineering Org — And 94% of (dev.to (DevOps tag))
A significant percentage of organizations using AI agents express concerns about increased complexity, technical debt, and security risks. The rapid adoption of agentic AI has led to issues such as agent sprawl, verification bottlenecks, and the need for better governance. Teams are encouraged to tr