{"id":3950,"date":"2026-04-29T14:11:25","date_gmt":"2026-04-29T14:11:25","guid":{"rendered":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/04\/29\/cyber-threats-to-devops-platforms-rising-fast-gitprotect-report-finds\/"},"modified":"2026-04-29T14:11:25","modified_gmt":"2026-04-29T14:11:25","slug":"cyber-threats-to-devops-platforms-rising-fast-gitprotect-report-finds","status":"publish","type":"post","link":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/04\/29\/cyber-threats-to-devops-platforms-rising-fast-gitprotect-report-finds\/","title":{"rendered":"Cyber Threats to DevOps Platforms Rising Fast, GitProtect Report Finds"},"content":{"rendered":"
\"security,<\/div>\n

\"security,<\/p>\n

Software developers, CI\/CD pipelines, and the tools they rely on are increasingly becoming attractive targets for threat groups<\/a>. The number of cyberattacks on code repositories<\/a> like npm and GitHub continues to mount as threat actors push their supply chain attacks.<\/p>\n

Compromising open source packages, fake development tools, and social engineering are among the tactics bad actors use against developers. Researchers with Kaspersky Lab this month wrote that a combination<\/a> of programmers\u2019 unfounded belief that they are good at spotting threats and jobs that require them to often download and run third-party code \u201cmakes them sitting ducks for cyberattackers.\u201d<\/p>\n

GitProtect.io analyst this week detailed the mounting and evolving threats facing developers and their operations. In its DevOps Threats Unwrapped Report 2026<\/a>, the DevOps backup and recovery specialists found that the number of incidents targeting DevOps environments in 2025 grew 21% year-over-year, and that the number of hours of impacted performance those incidents caused doubled to 9,255, costing more than $740,000 in lost engineering productivity.<\/p>\n

The numbers in the report are based on publicly available information published by vendors on their status pages, security advisories, databases, and publicly reported incidents, according to GitProtect.<\/p>\n

\u2018A Playground for Cyber Criminals\u2019<\/h3>\n

\u201cWhat could we remember 2025 for when it comes to DevOps threats?\u201d Daria Kulikova, head of GitProtect Lab, wrote in the report. \u201cIt was a year when trusted development platforms, automation pipelines, and cloud identities became a playground for cyber criminals. Attackers leveraged platforms such as GitHub, GitLab, Atlassian, and Microsoft as part of their malware campaigns \u2013 they used trusted DevOps platforms as malware distribution channels, command-and-control infrastructure, and credential harvesting pipelines.\u201d<\/p>\n

Kulikova pointed to how various campaigns \u2013 such as Shai-Hulud<\/a>, GhostAction<\/a>, GPUGate<\/a>, and GitVenom<\/a> \u2013 abused automation and stole tokens to compromise repositories, listed a range of malware families like PyStoreRAT, SmartLoader, Lumma Stealer, and AsyncRAT that were distributed through fake libraries, poisoned packages, and other means, and noted that AI-generated repositories and dormant accounts were used for credential theft and covert reconnaissance.<\/p>\n

\u201cHowever, attackers weren\u02bct only limited to distributing the code on DevOps platforms,\u201d she wrote. \u201cIdentity was another attack direction. Hackers abused OAuth flows, long-lived Personal Access Tokens (PATs), and MFA-bypassing phishing kits to bypass defenses on Microsoft 365, GitHub, and collaboration tools at scale.\u201d<\/p>\n

By the Numbers<\/h3>\n

The numbers in the report illustrate the turn bad actors are taking toward developers. In 2024, GitHub, GitLab, Azure DevOps and Jira saw a total of 364 incidents, and that number jumped last year to 607, about a 40% rise. Among those incidents, 156 were critical or major events that consumed more than 1,750 hours of downtime, a 69% increase in high-severity disruptions from 2024, when there were only 48 such cases.<\/p>\n

The need to patch software vulnerabilities also grew throughout 2025, according to the report. In all, vendors reported 236 security flaws that were patched across DevOps services, with 14 deemed critical, with a CVSS severity score of 9.0 or higher, and another 126 given high-severity ratings.<\/p>\n

In addition, there was a 30% increase in patched vulnerabilities between the first and second halves of the year, Kulikova wrote.<\/p>\n

Downtime Increases<\/h3>\n

The downtime caused by the growing number and severity of incidents was significant, according to the analysts. While the while there was the 21% increase in the number of incidents \u2013 from 502 in 2024 to 607 last year \u2013 and total downtime jumped almost 95%, from 4,755 hours to 9,225. The frequency of the disruptions didn\u2019t just grow, but became more difficult to resolve, they wrote.<\/p>\n

About 62% of the outages of DevOps platforms were driven by the degraded performance caused by attacks, according to GitProtect\u2019s numbers. That said, they accounted for only 34% of the total downtime. Maintenance that needed to be done following incidents \u2013 which made up only 4% of the total number of outages \u2013 consumed 30% of the lost time, showing that planned and unplanned maintenance was the primary reasons for platforms not being available.<\/p>\n

Some Things Stay the Same<\/h3>\n

There are some areas that didn\u2019t change much year-to-year, according to the report. The technology and software sectors were still the most targeted, with others like telecommunications, automotive, and education also in the crosshairs, and ransomware and extortion groups, such as Hellcat and Crimson Collective, were behind a large number of data breaches, which targeted high-profile companies like Red Hat, Nissan, and Europcar.<\/p>\n

\u201cAs attackers blend trusted platforms, hardware-aware evasion, malicious AI-generated code, and phishing-as-a-service into their arsenals, the 2025 threat landscape makes one thing clear: traditional perimeter defenses and reactive monitoring are no longer enough,\u201d Kulikova wrote. \u201cOrganizations need to ensure the resilience of their environment.\u201d<\/p>\n

Read More<\/a><\/p>\n

\u200b<\/p>","protected":false},"excerpt":{"rendered":"

Software developers, CI\/CD pipelines, and the tools they rely on are increasingly becoming attractive targets for threat groups. The number […]<\/p>\n","protected":false},"author":1,"featured_media":3951,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[5],"tags":[],"class_list":["post-3950","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops"],"_links":{"self":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/3950","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/comments?post=3950"}],"version-history":[{"count":0,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/3950\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media\/3951"}],"wp:attachment":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media?parent=3950"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/categories?post=3950"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/tags?post=3950"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}