We wanted to provide you information about a security incident that we became aware of that affects customers who use the Aqua Security Vulnerability scanner (Trivy) across multiple distribution channels including Docker Hub, GitHub, and npm. Between 18:24 UTC on March 19, 2026 and 01:36 UTC on March 23, 2026, Docker Hub customers who pulled the Trivy images with the 0.69.4, 0.69.5, 0.69.6, and latest tags may have had their CI/CD secrets, cloud credentials, SSH keys, and Docker configurations compromised. Around 08:00 UTC on March 23, 2026, Docker worked with Aqua Security to remove these compromised scanner image versions. If…
Author: drweb
At the recent Redgate Summit in Chicago, I demo’d (lightly) the ML based Alert thresholds in Redgate Monitor and decided to write a little about this.This is part of a series of posts on Redgate Monitor. Click to see the other posts.Noisy AlertsWhen people used to setup Redgate Monitor in the 2015 timeframe (formerly SQL Monitor) they sometimes complained about the noisiness of the alerts. Just too many alerts were sent out.I felt this way about other products I’d used in the past, and our dev teams worked hard with support to enhance the produce and tune our defaults to…
PagerDuty has extended the capabilities and reach of its artificial intelligence (AI) agents to enable them to be invoked directly from within the Slack messaging platform. Additionally, the AI SRE Agent that is embedded within the PagerDuty Operations Cloud platform can now also leverage the Model Context Protocol (MCP) and an expanded library of application programming interfaces (APIs) to automatically respond to incidents by invoking more than 30 AI tools commonly used by DevOps teams, including coding tools from Anthropic, Cursor and LangChain. David Williams, senior vice president of product for PagerDuty, said those capabilities make it simpler for AI…
Senior PHP Full-Stack Developer
According to the 2025 DORA State of DevOps report, three out of four developers now use AI coding tools daily. That number keeps climbing. By the end of 2026, over 80% of individual developers will rely on AI assistants to write, review and refactor code. But here’s the problem: The same research found that as AI usage increases, delivery stability tends to decrease. Code ships faster than governance can follow. When developers start accepting AI-generated suggestions without fully understanding subtle issues buried in the logic, the understanding gap between writing code and comprehending its production impact widens. In other words, speed without…
Whether the DevOps shops like it or not, they are feeling the pressure from AI. They’re expected to move more quickly, alongside their dev counterparts. The gruntwork that used to take weeks can be automated away, leaving time for fast prototyping, so the managers think. According to Google Cloud’s 2025 DORA State of AI-assisted Software Development Report, 90% of developers now use AI tools, and 25% are now working alongside AI assistants. Users of the Spacelift Infrastructure-as-Code platform now have some help with this automation, thanks to a new feature offering a conversational interface that purports to explain what is…
In this episode, we have special guest Paul Everitt on the show to discuss the new Python Documentary that was released last week. Paul is the head of developer advocacy at JetBrains and a “Python oldster”. We chat about Python – the documentary, Paul’s start in programming as well as with Python, and much, much more! Links
A coalition of major tech companies has committed $12.5 million to strengthen the security of open source software, an effort aimed at coordinating responses to the growing pressures created by AI. The funding is provided by Anthropic, AWS, GitHub, Google, Microsoft and OpenAI. It will be administered by the Linux Foundation through its Alpha-Omega Project and the Open Source Security Foundation (OpenSSF). The funding arrives at a moment when AI tools are reshaping both software development and cybersecurity. Automated systems can now identify vulnerabilities at a scale that was previously unattainable. While that offers huge benefits, it also creates new…
Have you ever thought to yourself: “Wouldn’t it be nice to run Jupyter Notebooks in my terminal?” Well, you’re in luck. The new Erys project not only makes running Jupyter Notebooks in your terminal a reality, but Erys also lets you create and edit the notebooks in your terminal! Erys is written using the fantastic Textual package. While Textual handles the front-end in much the same way as your browser would normally do, the jupyter-client handles the backend, which executes your code and manages your kernel. Let’s spend a few moments learning more about Erys and taking it for a…
Austin, TX, USA, March 19th, 2026, CyberNewswire New Report Highlights Surge in Exposed API Keys, Session Tokens, and Machine Identities, and more. SpyCloud, the leader in identity threat protection, today released its annual 2026 Identity Exposure Report, one of the most comprehensive analyses of stolen credentials and identity exposure data circulating in the criminal underground and highlighting a sharp expansion in non-human identity (NHI) exposure. Last year, SpyCloud saw a 23% increase in its recaptured identity datalake, which now totals 65.7B distinct identity records. The report shows attackers are increasingly targeting machine identities and authenticated session artifacts in addition to…