// #cicd
4 articles
Golang crypto/ssh Mass Advisory: Nine CVEs Including CVSS 10.0 Re-Opened SSH Auth Bypass Affect Enterprise DevOps Infrastructure
The Go security team published a coordinated batch of nine CVE fixes for the golang.org/x/crypto SSH library on 22 May, including CVE-2026-46595 (CVSS 10.0), which re-opens a previously patched SSH authentication bypass for services using non-public-key authentication callbacks. Enterprise environments using Go-based SSH tooling, CI/CD pipelines, Kubernetes components, and cloud management tooling are affected.
AI Coding Agents in CI/CD Pipelines: Mapping the Attack Surface After Pwn2Own AI Category Results
The Pwn2Own Berlin 2026 AI category results — five products exploited — have a compounding implication for organisations where AI coding agents are integrated with CI/CD pipelines, code repositories, and cloud deployment infrastructure. An exploited AI agent running in a pipeline is not a developer workstation compromise; it is a supply chain entry point.
TeamPCP Backdoors LiteLLM on PyPI — AI Gateway Package With 3 Million Daily Downloads Compromised
The LiteLLM Python package — a widely-deployed AI gateway library with three million daily downloads — was backdoored on PyPI on 24 March by threat actor TeamPCP. Malicious versions 1.82.7 and 1.82.8 deployed a three-stage payload stealing cloud credentials, Kubernetes secrets, and CI/CD tokens from any system that installed the package during a 40-minute window.
Trivy Security Scanner Hijacked — 75 GitHub Action Tags Redirected to Credential Stealer
The widely-used Aqua Security Trivy vulnerability scanner was compromised in a supply chain attack that replaced 75 version tags in the official trivy-action and setup-trivy GitHub Actions with credential-stealing malware. Threat actor TeamPCP leveraged non-atomic secret rotation to retain access after an initial February compromise, launching a second attack wave on 19 March. Any CI/CD pipeline that ran trivy-action or setup-trivy during the compromise window may have had cloud credentials, API tokens, and SSH keys exfiltrated.