Explore the latest in DevOps security practices, tools, and trends. Stay ahead on secure continuous integration & deployment with our expert insights.
Search across headline titles and summaries.
Background for this topic.
DevOps is a blend of cultural philosophies, practices, and tools that increases an organization's ability to deliver applications and services at high velocity. It evolved from the intersection of software development (Dev) and information technology operations (Ops), aiming to shorten the system development life cycle while delivering features, fixes, and updates frequently in close alignment with business objectives.
In the context of information security, or SecDevOps/DevSecOps as it is often called, DevOps integrates security principles and practices within the development life cycle from the outset. This proactive approach involves automating security processes, implementing secure coding practices, and ensuring continuous delivery and integration include security checkpoints. By embedding information security into the agile workflow, organizations can create more secure software, respond swiftly to vulnerabilities, and maintain compliance with regulatory standards.
Weekly headline count for the current query.
A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and network tunneling
A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild
Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating administrative utilities they rely on for daily operations. By integrating Search Engine Order (SEO)
Just a few years ago, the cloud was touted as the “magic pill” for any cyber threat or performance issue. Many were lured by the “always-on” dream, trading granular control for the convenience of managed services
CyberArk and Accenture Experts Discuss Modernization, Identity Sprawl, Securing AIEnterprises are embracing modernization by adopting artificial intelligence tools, automation and DevOps-driven development in the cloud, but these new platforms have introduced an attack surface saturated with human and machine identities, said CyberArk's Barak Feldman and Accenture's Rex Thexton.
CyberArk and Accenture Experts Discuss Modernization, Identity Sprawl, Securing AIFinancial services organizations are accelerating modernization efforts by adopting artificial intelligence, automation and DevOps-driven cloud development, but these initiatives have dramatically expanded their attack surface. As banks and financial enterprises rely more heavily on non-human identities to power applications, integrations and AI-driven workflows, security leaders are struggling to manage the volume, velocity and variety of machine identities across cloud and on-premises environments, said Barak Feldman, senior vice president of solutions engineering at CyberArk, and Rex Thexton, senior managing director at Accenture.
CyberArk and Accenture Experts Discuss Modernization, Identity Sprawl, Securing AIEnterprises are embracing modernization by adopting artificial intelligence tools, automation and DevOps-driven development in the cloud, but these new platforms have introduced an attack surface saturated with human and machine identities, said CyberArk's Barak Feldman and Accenture's Rex Thexton.
Software teams at Google and other Rust adopters see safer code when using the memory-safe language, and also fewer rollbacks and less code review.
DevOps repos on GitHub, GitLab, Bitbucket, and Azure DevOps face risks from weak access controls, misconfigurations, outages, and accidental deletions. GitProtect provides automated, immutable backups and fast recovery to secure your DevOps data. [...]
Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks
Why DevOps, Infrastructure Must Evolve to Manage AI-Accelerated DevelopmentA 2025 DORA report states that AI adoption improves software delivery throughput but increases delivery instability, suggesting development teams are adapting for speed while their underlying systems lag behind.
Outages affecting DevOps tools threaten to leave developers coding like it's 1999. How serious is the threat and what can companies do?
New campaign merges traditional malware with DevOps tools, using GitHub CodeSpaces for DDoS attacks
Some 36% of Grafana instances are vulnerable to account takeover bug, putting DevOps teams at risk
To stop the JINX-0132 gang behind these attacks, pay attention to HashiCorp, Docker, and Gitea security settings Up to a quarter of all cloud users are at risk of having their computing resources stolen and used to illicitly mine for cryptocurrency, after crims cooked up a campaign that targets publicly accessible DevOps tools.…
Cybersecurity researchers have discovered a new cryptojacking campaign that's targeting publicly accessible DevOps web servers such as those associated with Docker, Gitea, and HashiCorp Consul and Nomad to illicitly mine cryptocurrencies
Wiz finds new threat group running cryptojacking campaign via exploited and misconfigured DevOps assets
Microsoft on Tuesday shipped fixes to address a total of 78 security flaws across its software lineup, including a set of five zero-days that have come under active exploitation in the wild
Security shouldn't wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline—powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle. [...]
Funds Will Support Next-Gen Security Orchestration and Response, Eliminate ComplexityWith $30 million in funding, Sola Security is launching an AI-driven, self-service SOAR platform designed for easy adoption across security, IT, and DevOps teams. The Israeli startup aims to disrupt traditional security automation by lowering technical barriers.