Welcome to this week’s edition of the DevOps Bulletin.

From S3 bucketsquatting finally being dead after a decade of exploitation, to Reddit migrating petabyte-scale Kafka from EC2 to Kubernetes with zero downtime, and an active phishing campaign targeting AWS console credentials using adversary-in-the-middle proxies.

On the tutorial side, we look at how AI agents write Go, vibe coding’s attribution problem, why git blame matters more than ever, and how Datadog caught an AI-powered bot trying to inject malicious code into their open-source repos. Plus a $7 Lightsail setup that replaces your local AI agent, and a deep dive into when Kubernetes actually restarts your pod.

This week’s open source picks feature Serie, a Rust-based terminal tool for clean Git commit graphs, Bromure, a macOS app that runs each browser session inside a disposable Linux virtual machine, and Trajan, a scanner that detects vulnerabilities across platforms like GitHub Actions, GitLab CI, Azure DevOps, Jenkins, and JFrog.

All this and more in this week’s DevOps Bulletin, don’t miss out!

Building an IDP from Scratch - Live Workshop

Design and build an Internal Developer Platform that scales and gets adopted. This hands-on, 2-day workshop covers platform-as-a-product thinking, cloud-native architecture, IaC, automation patterns, and production readiness. Ideal for platform engineers, DevOps teams, and engineering leaders building IDPs. Exclusive 40% discount code: DEVOPSBULLETIN

Newsworthy stories

• S3 bucketsquatting is finally dead

• Security architecture of GitHub agentic workflows

• How Reddit migrated Petabyte-scale Kafka from EC2 to Kubernetes

• Azure DevOps remote MCP server

• What if your Git history were a SQL database?

• Active phishing campaign targeting AWS console credentials

• Postgres is the Gateway drug

• When should you use BFF, and should it replace API Gateway?

Tutorials of the week

• The $7 AWS setup that replaced my local OpenClaw

• Catching malicious contributions in Datadog’s open source repos

• Vibe coding needs git blame

• Building a virtualized Kubernetes homelab

• How AI agents want to write Go

• When Kubernetes restarts your pod

• Hosting and scaling EKS hybrid nodes

• Complete guide to AWS ECS

• Mastering GKE multi-tenancy

Videos of the week

Projects of the week

• Serie is a TUI application that renders Git commit graphs with rich visuals using the terminal’s image display protocol.

• Git Quest is a web-based RPG game that converts your GitHub commit history into character progression and in-game resources.

• Pertmux is a terminal dashboard that unifies merge requests, git worktrees, tmux sessions, and AI coding agents into a single real-time monitoring interface.

• Nord Stream is a security testing tool that extracts secrets from CI/CD environments by deploying malicious pipelines across Azure DevOps, GitHub, and GitLab.

• Trajan is a security scanner that identifies vulnerabilities in CI/CD pipeline configurations across GitHub Actions, GitLab CI, Azure DevOps, Jenkins, and JFrog.

• Bromure is a native macOS app that runs every browser session inside a lightweight, disposable Linux virtual machine for full isolation.

Meme of the week