Archive - DevOps Bulletin

Digest #212: GitHub Actions Weakest Link, Lambda's Invisible Network, Cloudflare's AI Stack and Terragrunt is Dead

Pulling back the curtain on Lambda's invisible network to GitHub Actions being the biggest CI/CD attack surface. Add Cloudflare sharing the internal AI…

May 1 • Mohamed Labouardy

April 2026

Digest #211: AWS DevOps Agent, AI Cloud Attacks and Security Skills for AI Agents

LMDeploy CVE exploited in 12 hours, autonomous AI cloud attacks, GitHub Actions threat model, and 7 open source tools for DevOps and security teams.

Apr 29 • Mohamed Labouardy

Digest #210: Claude Code Security Bypass, prt-scan Supply Chain Attack, Duolingo EKS Migration and Cloudflare Artifacts

Claude Code security bypass, GitHub Actions supply chain attack, Duolingo's EKS migration, Cloudflare Artifacts for agents, MCP on ECS, and 8 open…

Apr 17 • Mohamed Labouardy

Digest #209: OpenAI Codex Command Injection, Live Kubernetes Migration and SRE Agents

From Claude Code's source code being exposed through npm source maps, to a command injection flaw in OpenAI Codex leaking GitHub tokens.

Apr 10 • Mohamed Labouardy

Digest #208: Axios Supply Chain Attack, Agentic Incident Response, LLMs on Kubernetes and VSCode Malwares

A critical axios npm compromise affecting millions of downloads, while teams began automating incident response with AI agents.

Apr 3 • Mohamed Labouardy

March 2026

Digest #207: LiteLLM Malware Attack, Dropbox 87GB monorepo, Cursor's Security Agents and K8s One-Line Fix

The LiteLLM supply chain attack, Dropbox monorepo optimization, Postgres WAL debugging, Kubernetes performance fixes, and open source tools for LLM…

Mar 27 • Mohamed Labouardy

Digest #206: S3 Bucketsquatting Dead, AI Agents Writing Go, Reddit Kafka Migration and CI/CD Security

AWS S3 namespace protection, Reddit's petabyte Kafka migration to Kubernetes, AI agents writing Go, CI/CD pipeline security scanning, and AWS phishing…

Mar 23 • Mohamed Labouardy

Digest #205: GitHub Actions Exploitation, Terraform Internals, Passkeys Warning and Go Runtime

A bot exploiting GitHub Actions across Microsoft and CNCF projects, Terraform internals deep-dive, npm token theft via CI, and Go runtime scheduler…

Mar 13 • Mohamed Labouardy

Digest #204: AWS Data Centers Hit, Kubernetes Full Course, LLM Caching and AI Pentesting

AWS data centers struck by drones in UAE, 2,863 Google API keys exposed to Gemini, LLM caching architectures, Terraform feature flags, and AI pentesting…

Mar 6 • Mohamed Labouardy

February 2026

Digest #203: AWS 100K Credits, Scaling GitOps, Git inside Postgres and OpenClaw Security

Reducing Go agent binaries by 77% and saving 70% on S3 at petabyte scale, to automating RDS to Aurora migrations and scaling GitOps in the enterprise…

Feb 27 • Mohamed Labouardy

Digest #202: Terraform Claude Skills, FinOps FOCUS 1.2, AI Fatigue for Cloud Engineers, and MCP for Web Data Extraction

Gaps in FOCUS 1.2 billing data, the truth about AI fatigue for cloud engineers, and the three AI skills that matter most. Plus, latest DevOps, FinOps…

Feb 20 • Mohamed Labouardy

Digest #201: Heroku Shutdown, GitLab at Scale, DDoS with Golang, and AI Agents Security

Heroku’s effective shutdown, how GitLab deploys at massive scale, why Postgres postmaster doesn’t scale, scaling Kubernetes from zero, AWS Cost…

Feb 13 • Mohamed Labouardy

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts