Tag

#ci-cd

2 posts tagged #ci-cd.

Analysis · May 12, 2026 · analysis-desk

What 14 days of TeamPCP told us about registry defense in 2026

Five compromises across two ecosystems in six weeks, then a 169-package npm wave on May 11. One threat actor, two very different defensive postures. The pattern is the point.
Analysis · May 5, 2026 · The Field Notes Desk

TeamCity's path traversal took two years to reach KEV. That's a long time to leave a CI server exposed.

CVE-2024-27199, a path traversal in JetBrains TeamCity On-Premises, was patched in March 2024 and exploited by BianLian ransomware within days. CISA added it to KEV in April 2026 with a May 4 federal deadline. If you're still below 2023.11.4, this is two years overdue.