Martin Cid Magazine

Megalodon turned GitHub Actions into a 5,561-repo backdoor in six hours

Researchers at SafeDep traced 5,718 malicious commits to 5,561 GitHub repositories, all pushed in a six-hour window on a ...
ZDNet

CI build logs continue to expose company secrets

Security researchers are still finding secrets hidden deep inside continuous integration services, years after the issue become common knowledge. Continuous integration (CI) is a coding methodology ...
InfoQ

Pinterest Engineering Reduces Android CI Build Times by 36% with Runtime-Aware Sharding

Pinterest published a technical case study detailing how its engineering team cut Android end-to-end (E2E) continuous integration (CI) build times by more than 36 percent by adopting a runtime-aware ...
Morning Overview on MSN

TeamPCP compromised the CI/CD pipelines behind Trivy, Checkmarx, and LiteLLM — stealing AWS keys from build servers worldwide

Sometime on March 19, 2026, a poisoned version of the open-source security scanner Trivy slipped into automated build pipelines at the European Commission and began quietly stealing AWS credentials.
cio.economictimes.indiatimes

10 Best CI/CD Tools for DevOps Teams in 2026

Quick Summary Aiming to deliver software faster without compromising quality or security? Explore the 10 best CI/CD tools for DevOps teams in 2026 that help automate builds, testing, and deployments ...
Computer Weekly

CI/CD series - PagerDuty: the pipeline is only as good as you build it

The latest trends in software development from the Computer Weekly Application Developer Network. This is a guest post for the Computer Weekly Developer Network in our Continuous Integration (CI) & ...