PANews
PANews|Jun 25, 2026 06:52
[High-Risk CI/CD Vulnerability Named 'Cordyceps' Exposed, Affecting Open Source Repositories of Major Companies Like Microsoft and Google] SlowMist Chief Information Security Officer 23pds published an article stating that researchers have uncovered a high-risk CI/CD vulnerability named 'Cordyceps.' Open source repositories of major companies such as Microsoft, Google, Apache, and Cloudflare have all been confirmed to be affected. Attackers, without using corporate accounts or any system permissions, can simply register a free GitHub account, submit a malicious PR, leave a comment, and thereby forge approvals, steal server keys, push malicious code, and gain complete control over corporate code repositories.
+2
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads