CyberSecurity News
'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows
AI summary
A vulnerability in CI/CD workflows is being exploited through malicious pull requests, dubbed Cordyceps. This issue affects several prominent projects, including Microsoft's Azure Sentinel and Google's AI Agent Development Kit. Other impacted projects include Apache's Doris analytics database, Cloudflare's Workers SDK, and Python Software Foundation's Black. These malicious pull requests pose a threat to developer workflows. The affected projects are notable for their widespread use and importance in the development community.
This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to Dark Reading.