Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
AI summary
Cybersecurity researchers have identified a new type of vulnerability in CI/CD workflows that can be exploited to compromise open-source supply chains. This weakness, referred to as Cordyceps, enables attackers to take control of workflows. The issue poses a significant risk, potentially allowing attackers to gain full control of repositories. Dozens of major organizations, including Microsoft, Google, and Apache, are affected, with over 300 GitHub repositories exposed to supply-chain attacks.
This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.

