Operations | Monitoring | ITSM | DevOps | Cloud

Lessons From a CI/CD Supply Chain Attack at Grafana Labs

May 26, 2026 By Grafana In Grafana
When a compromised GitHub Actions workflow targets your CI/CD pipeline, how do you respond — and what do you change so it never happens again? Nick and David from Grafana Security walk through a real supply chain incident triggered by a pull_request_target misconfiguration, showing exactly what broke, what tools caught it, and what the team rebuilt afterward.
View Video
oh dear

Improvements to our status pages as we tackle a DDoS

May 14, 2026 By Mattias Geniar In Oh Dear
The uptime & availability of our status pages hasn't been great these past few days. The root cause is a persistent and pretty aggressive DDoS attack targeted at our own status page, status.ohdear.app. As a result, the overload on our systems also affected all other status pages we host for clients. We're not yet at Github or Claude levels of uptime sadness, but this isn't acceptable to us. In this post, I'll share what's happening and what steps we've already taken.
Read Post
megaport

Introducing Megaport DDoS Protection: Built-In Network Resilience for Megaport Internet

May 6, 2026 By Megaport In Megaport
This fabric-native shield delivers private, professional-grade resilience that is easily added via the Megaport Portal in under 60 seconds. Megaport is evolving the connection. With the launch of Megaport DDoS Protection, we are securing the mission-critical Megaport Internet connection by filtering out malicious traffic before it ever reaches your platform.
Read Post
Teneo

AI Supply Chain Attacks Are Here. And Most Organizations Aren't Ready

May 4, 2026 By Teneo In Teneo
When I read about the Vercel breach tied to a Context AI compromise, I wasn’t surprised. I’ve been talking with customers for a while now about how AI was going to introduce a new kind of supply chain risk. This is exactly what that looks like. What stands out to me is how familiar the pattern is. We saw it with open source, then again with SaaS, and again with cloud.
Read Post
How AI-Powered Phishing Is Changing What 'Suspicious Email' Looks Like

How AI-Powered Phishing Is Changing What 'Suspicious Email' Looks Like

Apr 15, 2026 By OpsMatters In OpsMatters
For years, spotting a phishing email was almost a checklist exercise. Look for typos, watch for broken grammar, be suspicious of generic greetings like "Dear user," and check if the sender's address looks strange. That mental model worked because phishing emails actually looked bad. Which is no longer true. With the rise of AI, attackers can generate emails that are grammatically perfect, context-aware, and indistinguishable from legitimate business communication. The obvious red flags are gone. What used to look suspicious now looks completely normal.
Read Post

npm axios attack - What happened and how to protect your supply chain

Apr 2, 2026 By Cloudsmith In Cloudsmith
100M+ weekly downloads. One compromised maintainer account. A remote access trojan in two active release branches. This is a 30-minute breakdown of the Axios npm supply chain attack – how it happened, why it was hard to detect, and what any engineering team can do right now to reduce exposure. Nigel Douglas, Head of Developer Relations at Cloudsmith, is joined by Jenn Gile, co-founder of Open Source Malware, a community-driven threat intelligence platform focused on malicious open source packages.
View Video
Emerging Cyber Threats Every Organization Should Know

Emerging Cyber Threats Every Organization Should Know

Mar 25, 2026 By OpsMatters In OpsMatters
Cyber threats in 2026 are evolving faster than most organizations can comfortably manage. Attackers are using automation, artificial intelligence, and scalable attack models to target businesses of every size. What used to be handled in isolation by IT teams is now a boardroom concern. A single breach can disrupt operations, damage trust, and create long-term financial consequences. Leaders are starting to recognize that cybersecurity is not just about tools but about strategy, governance, and accountability across the organization.
Read Post
certkit

How likely is a man-in-the-middle attack?

Feb 23, 2026 By Todd H. Gardner In CertKit
Security vendors love the man-in-the-middle attack. It’s the boogeyman of every TLS marketing page. Some shadowy figure intercepting your traffic, reading your secrets, stealing your data. A man-in-the-middle attack is when an attacker positions themselves between two parties on a network to intercept the traffic flowing between them. In the context of TLS, that means an attacker who can present a valid certificate can read everything in plaintext and proxy it on to the real server.
Read Post
Cybersecurity Planning for Small Business Operations

Cybersecurity Planning for Small Business Operations

Feb 13, 2026 By OpsMatters In OpsMatters
Building a solid defense for your company is about more than just installing a single software program. In the current year, digital threats have become a professionalized industry where attackers use advanced tools to target smaller organizations. A recent report noted that 95% of cybersecurity breaches are caused by simple human error. This means that your planning must focus on both technical tools and the people using them daily. By taking a proactive approach, you can protect your assets and maintain the trust of your clients.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.