LodeHQSubscribe →

Claude Code, Miasma attack, Copy Fail exploit

DevOps · 2026-06-03

CI/CD & Automation
Anthropic launches Claude Code dynamic workflows for large‑scale DevOps automation4 MIN

Claude Code now supports dynamic workflows that spin up hundreds of parallel sub‑agents, letting it tackle multi‑step tasks like code‑wide audits, massive migrations, and security verifications that were previously too complex for a single AI. Early adopters report faster bug hunts and a full Rust port of Bun completed in eleven days.

Containers & Orchestration
Bare pods reveal hidden Kubernetes scheduling and cleanup bugs8 MIN

The blog details how SimKube’s support for bare Kubernetes pods, pods without owning controllers, exposes edge‑case failures in scheduling, eviction and cleanup. These hidden bugs can cause resource leaks and unpredictable behavior in large‑scale clusters, prompting fixes that improve reliability for teams using pure pod workloads.

Cloud & Platform Engineering
tf-summarize CLI breaks Terraform plan by resource type for faster reviews3 MIN

tf‑summarize is an open‑source command‑line tool that parses a Terraform plan and groups changes by resource type, letting you see how many IAM, EC2, or other resources will be added, changed, or removed. The concise summary speeds up large plan reviews and can output plain, tree, JSON or markdown formats.

DevSecOps
Miasma supply chain attack hijacks 32 Red Hat npm packages, stealing CI/CD credentials5 MIN

On June 1 2026, researchers at Aikido discovered that 32 @redhat‑cloud‑services npm packages were backdoored with a credential‑stealing worm dubbed “Miasma”, a Shai‑Hulud variant. The malicious versions, published via compromised GitHub Actions OIDC tokens, have been downloaded over 100 k times, prompting immediate rotation of cloud and CI secrets.

Copy Fail (CVE‑2026‑31431) Enables Root Escalation on Shared CI/CD Build Hosts7 MIN

The newly disclosed ‘Copy Fail’ Linux kernel flaw (CVE‑2026‑31431) lets any unprivileged user corrupt a file cache and gain root privileges. Listed in the CISA KEV catalog, it threatens shared build servers and container workloads, prompting immediate patching and detection guidance for CI/CD pipelines.

Red Hat shows OpenShift’s layered defenses stop page‑cache attacks despite vulnerable kernels7 MIN

Red Hat’s analysis of recent page‑cache privilege‑escalation bugs, including Copy‑Fail (CVE‑2026‑31431) and Fragnesia, demonstrates that, even when a pod gains root on a vulnerable kernel, OpenShift’s defense‑in‑depth prevents container escape. The recurring exploit pattern highlights the need for layered security rather than chasing individual CVEs.

Get DevOps in your inbox, every issue.
Subscribe free
Privacy · Terms · About · Contact
© 2026 LodeHQ