DevOps breaches hit tech firms in trust chain attacks

DevOps breaches are increasingly impacting technology supply chains, according to GitProtect’s DevOps Threats Unwrapped Report 2026. The report identifies technology and software companies as the most frequently targeted sector, and highlights a set of incidents involving Jaguar Land Rover, Disney, Orange, Red Hat, and Nissan. It also points to a flaw that exposed private GitHub repositories associated with Microsoft, Google, IBM, PayPal, and Tencent. Across leading DevOps platforms, incidents rose by 21%, while total disruption time nearly doubled to 9,255 hours. Vendors patched 236 vulnerabilities in 2025, with 59% classified as high or critical. The report argues the main pattern is not only weak perimeter defenses, but misuse of trust inside software development ecosystems. Examples include Jaguar Land Rover’s Atlassian Jira breach via credentials stolen years earlier, taking 350 GB of data, and Red Hat-linked access to roughly 28,000 repositories, later linked to exposure of 21,000 customer records in Nissan’s case.