
GitHub Supply Chain Attacks, Railway’s GCP Outage, Discord’s Voice Failure, AWS Retry Changes, and Trusted Tool Risk
From Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News by Teller's Tech - DevOps, SRE and Cloud Podcast
May 29, 2026 · 24 min · Episode 43
About this episode
This episode discusses the increasing risks of trusted tools in production, covering various outages and security incidents.
This episode of Ship It Weekly is about trusted tools becoming production dependencies. Brian covers a rough GitHub supply chain week, including the compromised Nx Console VS Code extension tied to exposed GitHub internal repositories and the Megalodon campaign abusing GitHub Actions workflows across thousands of public repos. The bigger thread this week is that the tools around production are increasingly part of production. Brian also covers Railway’s GCP account suspension outage, Discord’s voice outage during a Kubernetes migration, AWS changing SDK retry behavior, CVE-2026-9133 in the RabbitMQ AWS plugin, and a Reddit story about stolen AWS keys turning into a $14,000 Bedrock bill. Brian also touches on OpenTelemetry graduating from the CNCF, Claude Code security risk, GitLab Secrets Manager, Google Cloud AI spend caps, and a Redshift Python driver RCE. Full source list and extra links are available on this episode’s page at shipitweekly.fm . Links Nx Console compromise https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised Megalodon GitHub Actions attack…
People in this episode
Host: Brian
Topics covered
- supply chain attacks
- cloud outages
- DevOps tools
- production dependencies
- security risks
- AWS changes
- Kubernetes migration
Keywords
- GitHub
- supply chain
- Railway
- Discord
- AWS
- OpenTelemetry
- security
- cloud engineering
- DevOps
Mentioned in this episode
Organizations: GitHub, Railway, Discord, AWS, OpenTelemetry, CNCF, GitLab, Google Cloud, Redshift
Products: Nx Console VS Code extension, RabbitMQ AWS plugin, Bedrock
More episodes of Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News
- Coinbase Outage, Meta AI Account Recovery, AWS AgentCore Code Injection, Apigee Tenant Isolation, and the Glue That Breaks Production · June 12, 2026 · 23 min
- Kiro CLI Approval Bypass, Amazon Braket Pickle Risk, AWS Org Logging, KEDA Upgrades, and Automation’s Hidden Boundaries · June 5, 2026 · 20 min
- Ship It Conversations: Jake Warner on Cycle.io, Bare Metal’s Comeback, and Why Private Cloud Is Getting Interesting Again · May 26, 2026 · 36 min
- CISA’s GitHub Leak, AI Root Cause Analysis, Copilot Agents, Claude Code in CI/CD, and Kubernetes Seccomp Risk · May 22, 2026 · 22 min
- AI Agents Get API Access and Identity: GitHub Copilot Cloud Agents, MCP Auth, Ansible Automation, OpenAI Daybreak, and the New Production Risk · May 14, 2026 · 23 min
- Cursor Deletes PocketOS Prod DB, .de DNSSEC Outage, Bluesky Postmortem, Argo CD, and Copy Fail · May 8, 2026 · 22 min
Explore listener stats, chart rankings, contacts and more on the Ship It Weekly - DevOps, SRE, Platform and Cloud Engineering News podcast page.