IT as Code
Why Enterprise AI Infrastructure Is Becoming a DevOps Problem
Most enterprise AI projects start with retrieval. You connect Jira, Confluence, SharePoint, and Slack. Maybe a few internal databases nobody has touched in five years. You tune embeddings, optimize chunking, wire up ...
Attackers Can Exploit a Claude Code RCE Flaw to Take Command of System
Jeff Burt | | agentic AI, AI (Artificial Intelligence), AI security risks, Anthropic Claude Code, automated parsers, deeplinkA dangerous vulnerability found in Anthropic’s popular Claude Code developer model could have allowed bad actors to grab control of a victim’s system by luring them into clicking on a crafted malicious ...
GitHub Breach Tied to Malicious VS Code Extension Exposes Thousands of Internal Repositories
GitHub says attackers accessed thousands of internal repositories after a company employee’s device was compromised through a malicious Visual Studio Code extension, though the company said it has removed the malicious extension, ...
Red Hat Previews AI Agent Integration with Ansible Automation Platform
Red Hat today revealed it is extending the reach of its Ansible Automation Platform for IT operations to artificial intelligence (AI) agents, in addition to making it simpler to build AI agents ...
Why Senior Engineers Still Do Manual Work in Highly Automated Environments
Automation has been part of enterprise IT for many years, and in many environments, it has grown into an extensive network of interdependent workflows that keep routine operations running smoothly. Scripts provision ...
Cyber Threats to DevOps Platforms Rising Fast, GitProtect Report Finds
Jeff Burt | | Azure DevOps, CI/CD, code repositories, Cybersecurity, DevOps platform downtime, devops security, extortion, GitHub security, GitProtect.io DevOps Threats report, GPUGate, JIRA, Kaspersky Lab, NPM security, Ransomware, Shai-HuludThe number of incidents targeting DevOps platforms grew 21% in 2025, but the amount of downtime jumped almost 95%, the security firm said ...
When AI Goes Really, Really Wrong: How PocketOS Lost All Its Data
Steven J. Vaughan-Nichols | | AI agent, AI coding agent, AI safety, Anthropic, Anthropic Claude, autonomous agents, backups, Claude, Cloud Security, Cursor, data loss, PocketOS, RailwayYou can't make this crap up. You just wish you could. Jer Crane, founder of the small vertical software company, PocketOS, reported on X that the AI Cursor coding agent and a ...
Sophisticated Supply Chain Attack Targeting Trivy Expands to Checkmarx, LiteLLM
Jeff Burt | | AI (Artificial Intelligence), AI supply chain attacks, Aqua Security Trivy, Checkmarx, Cloud Security, credentials, exposed secrets, GitHub Actions, LiteLLM, microsoft, Palo Alto Networks, Sysdig, TeamPCPThe supply chain attack that compromised Aqua Security’s Trivy open source security vulnerability scanner and its associated GitHub Actions earlier this month continues to expand, with software development tools from Checkmarx and ...
Codenotary Previews AI Platform to Autonomously Detect and Remediate IT Issues
Codenotary is previewing a software-as–a-service (SaaS) platform that enables artificial intelligence (AI) agents it has developed to autonomously detect, prioritize, and fix security, configuration, and performance issues. Company CEO Moshe Bar said ...
N. Korean Famous Chollima Hackers Use Malicious npm Packages to Steal Data
Jeff Burt | | Contagious Interview, Famous Chollima, infostealer, linux, macOS, malicious npm packages, Microsoft Windows, Pastebin, remote access trojan (RAT), Socket, software developers, typosquattingA group of more than two dozen malicious npm packages used to steal secrets and credentials from software developers has all the hallmarks – from infrastructure to operations – of Famous Chollima, ...
ControlMonkey Extends IaC Automation Reach to Restore Network Services
ControlMonkey has extended its platform for automating infrastructure-as-code (IaC) to add an ability to reprovision network services following a disruption in service. Company CEO Aharon Twizer said this extension to the Cloud ...
‘PackageGate’ Vulnerabilities Can Let Attackers Bypass Shai-Hulud Defenses
Jeff Burt | | Aikido Security, Bun, Git dependency, github, Koi Security, microsoft, npm registry, PhantomRaven, PNPM, remote code execution, Shai-Hulud worm, supply chain attack, VLTIn the wake of the massive Shai-Hulud supply chain attack that ripped through npm late last year and compromised more than 700 packages and exposed 25,000 repositories, developers in the JavaScript world ...
