DevOps platforms logged 330 incidents in H1 2025 amid broad cloud service disruption
Trend
Summary
Hide ▲
Show ▼
DevOps platforms saw 330 incidents in first half of 2025, signaling a broader reliability problem across the software delivery stack. The trend matters because outages and degradations can stall development pipelines, block code reviews, and delay releases across multiple teams. Azure DevOps, GitHub, and GitLab were all affected, with some disruptions lasting hours or even days. The pattern shows that shared cloud development services are becoming a more consequential operational single point of failure.
Related Happenings
Microsoft May 2026 Patch Tuesday release
Security Patch Release
H score44
First: 13.05.2026 13:36
Last: 13.05.2026 13:36
Sources 1
About this happening:
Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Microsoft May 2026 Patch Tuesday release
Security Patch ReleaseAbout this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Latest development: 01.06.2026 15:30
Belgium's Centre for Cybersecurity warned that CVE-2026-41089 in Windows Netlogon is being actively exploited in the wild after Microsoft patched the stack-based buffer overflow during the May 2026 Patch Tuesday. The flaw affects all currently supported Windows Server versions, including Windows Server 2025, and can let an unauthenticated attacker gain remote code execution on targeted domain controllers.
Mini Shai-Hulud supply-chain campaign targeting npm and PyPI
Campaign
H score45
First: 12.05.2026 17:45
Last: 12.05.2026 17:45
Sources 1
About this happening:
The **Mini Shai-Hulud** **supply-chain campaign** linked to **TeamPCP** expanded into downstream victim reporting, including **Grafana Labs**. Grafana said its **GitHub environmen...
Mini Shai-Hulud supply-chain campaign targeting npm and PyPI
CampaignAbout this happening: The **Mini Shai-Hulud** **supply-chain campaign** linked to **TeamPCP** expanded into downstream victim reporting, including **Grafana Labs**. Grafana said its **GitHub environmen...
Latest development: 21.05.2026 11:00
Grafana Labs said its GitHub environment was accessed and its codebase downloaded, with additional internal operational information taken from GitHub repositories, after compromise linked to the Mini Shai-Hulud campaign and TanStack npm packages. Grafana said it first spotted malicious activity on May 11, discovered the unauthorized download on May 17, and after contact from the ransom gang rotated automation tokens, enabled enhanced monitoring, audited commits since the May 11 incident, and hardened its GitHub security posture, while saying there is no indication customer production systems or operations were compromised.
TanStack hit by network compromise
Incident
H score29
First: 12.05.2026 17:45
Last: 12.05.2026 17:45
Sources 1
About this happening:
**TanStack** was hit by a **package compromise** on **May 11, 2026**, when attackers published **84 malicious versions** across **42 @tanstack/* packages** and abused the release...
TanStack hit by network compromise
IncidentAbout this happening: **TanStack** was hit by a **package compromise** on **May 11, 2026**, when attackers published **84 malicious versions** across **42 @tanstack/* packages** and abused the release...
Latest development: 21.05.2026 11:00
On May 17, 2026, Grafana Labs said an unauthorized attacker had downloaded its codebase after accessing the firm's GitHub environment, and the company later said additional internal operational information and business contact names and email addresses were taken from its GitHub repositories; Grafana Labs said there was no indication that customer production systems or the Grafana Cloud platform were compromised.
Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials
Campaign
H score56
First: 12.05.2026 14:29
Last: 12.05.2026 14:29
Sources 1
About this happening:
The **Shai-Hulud** **supply-chain campaign** now includes a fresh **PyPI** wave that compromised **19 packages** across **37 malicious releases**, with popular bioinformatics tool...
Shai-Hulud supply-chain campaign spreading via stolen CI/CD credentials
CampaignAbout this happening: The **Shai-Hulud** **supply-chain campaign** now includes a fresh **PyPI** wave that compromised **19 packages** across **37 malicious releases**, with popular bioinformatics tool...
Mini Shai-Hulud npm supply-chain malware wave
Malware Activity
H score68
First: 12.05.2026 14:07
Last: 12.05.2026 14:07
Sources 1
How related:
In some ways, the Shai-Hulud worm caused such an outage — the pollution of the Node package manager (npm) ecosystem by the worm resulted in the compromise of 500+ packages and a massive clean-up effort that stalled many developers.
About this happening:
The **Mini Shai-Hulud** npm **malware activity** now includes the **Miasma** variant affecting **Microsoft GitHub repositories** in a self-replicating **supply-chain campaign**. O...
Mini Shai-Hulud npm supply-chain malware wave
Malware ActivityHow related: In some ways, the Shai-Hulud worm caused such an outage — the pollution of the Node package manager (npm) ecosystem by the worm resulted in the compromise of 500+ packages and a massive clean-up effort that stalled many developers.
About this happening: The **Mini Shai-Hulud** npm **malware activity** now includes the **Miasma** variant affecting **Microsoft GitHub repositories** in a self-replicating **supply-chain campaign**. O...
Latest development: 09.06.2026 18:42
On June 5, Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub after concerns about potential malicious content tied to the Miasma/Shai-Hulud supply-chain campaign. The action disrupted continuous integration pipelines and broke workflows that depended on Azure/functions-action, while Microsoft said it temporarily removed some repositories during its investigation.
Timeline
-
25.09.2025 16:39 1 articles · 9mo ago
Anthropic Claude.ai, Console and API outage
Initial DisclosureAnthropic's Claude.ai and Console services, together with the associated API, suffered a system-wide outage on September 10 that lasted about half an hour. The disruption temporarily affected AI-assisted coding workflows and prompted users to report fallback to manual coding.
Show sources
- How Cloud Service Disruptions Are Making Resilience Critical for Developers — www.darkreading.com — 25.09.2025 16:39
-
25.09.2025 16:39 2 articles · 9mo ago
DevOps platforms logged 330 incidents in H1 2025
Industry Or Public Sector UpdateDevOps platforms suffered 330 incidents in the first half of 2025, including 74 incidents for Azure DevOps with one degradation lasting 159 hours, 109 reported GitHub incidents with 17 major cases totaling over 100 hours of disruption, and 59 GitLab incidents with 1,346 hours of disruption. The broader pattern shows recurring outages and degradations across shared development infrastructure that can stall pipelines, block code reviews, and delay releases for software teams.
Show sources
- How Cloud Service Disruptions Are Making Resilience Critical for Developers — www.darkreading.com — 25.09.2025 16:39
- How Cloud Service Disruptions Are Making Resilience Critical for Developers — www.darkreading.com — 25.09.2025 16:39