<p>This episode of <strong>Ship It Weekly</strong> is about trusted tools becoming production dependencies. Brian covers a rough GitHub supply chain week, including the compromised Nx Console VS Code extension tied to exposed GitHub internal repositories and the Megalodon campaign abusing GitHub Actions workflows across thousands of public repos.</p><p>The bigger thread this week is that the tools around production are increasingly part of production. Brian also covers Railway’s GCP account suspension outage, Discord’s voice outage during a Kubernetes migration, AWS changing SDK retry behavior, CVE-2026-9133 in the RabbitMQ AWS plugin, and a Reddit story about stolen AWS keys turning into a $14,000 Bedrock bill.</p><p>Brian also touches on OpenTelemetry graduating from the CNCF, Claude Code security risk, GitLab Secrets Manager, Google Cloud AI spend caps, and a Redshift Python driver RCE.</p><p><strong>Full source list and extra links are available on this episode’s page at </strong><a target="_blank" rel="noopener noreferrer nofollow" href="http://shipitweekly.fm"><strong>shipitweekly.fm</strong></a><strong>.</strong></p><p><strong>Links</strong></p><p>Nx Console compromise <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised">https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised</a></p><p>Megalodon GitHub Actions attack <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.stepsecurity.io/blog/megalodon-mass-github-actions-secret-exfiltration-across-5-500-public-repositories">https://www.stepsecurity.io/blog/megalodon-mass-github-actions-secret-exfiltration-across-5-500-public-repositories</a></p><p>Railway GCP outage <a target="_blank" rel="noopener noreferrer nofollow" 
href="https://blog.railway.com/p/incident-report-may-19-2026-gcp-account-outage">https://blog.railway.com/p/incident-report-may-19-2026-gcp-account-outage</a></p><p>Discord voice outage <a target="_blank" rel="noopener noreferrer nofollow" href="https://discord.com/blog/behind-the-scenes-of-the-3-25-26-voice-outage">https://discord.com/blog/behind-the-scenes-of-the-3-25-26-voice-outage</a></p><p>AWS SDK retry changes <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/blogs/developer/announcing-updated-retry-behavior-for-aws-sdks-and-tools/">https://aws.amazon.com/blogs/developer/announcing-updated-retry-behavior-for-aws-sdks-and-tools/</a></p><p>RabbitMQ AWS plugin CVE-2026-9133 <a target="_blank" rel="noopener noreferrer nofollow" href="https://aws.amazon.com/security/security-bulletins/2026-034-aws/">https://aws.amazon.com/security/security-bulletins/2026-034-aws/</a></p><p>AWS Bedrock cost spike Reddit thread <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.reddit.com/r/aws/comments/1tm3ydo/aws_bedrock_cost_spike_14000_usd/">https://www.reddit.com/r/aws/comments/1tm3ydo/aws_bedrock_cost_spike_14000_usd/</a></p><p>This week’s On Call Brief <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.tellerstech.com/on-call-brief/2026-W22/">https://www.tellerstech.com/on-call-brief/2026-W22/</a></p><p>More episodes and show notes <a target="_blank" rel="noopener noreferrer nofollow" href="https://shipitweekly.fm/">https://shipitweekly.fm/</a></p>