PANews|Jun 25, 2026 06:52
[High-Risk CI/CD Vulnerability Named 'Cordyceps' Exposed, Affecting Open Source Repositories of Major Companies Like Microsoft and Google]
SlowMist Chief Information Security Officer 23pds published an article stating that researchers have uncovered a high-risk CI/CD vulnerability named 'Cordyceps.' Open source repositories of major companies such as Microsoft, Google, Apache, and Cloudflare have all been confirmed to be affected. Attackers, without using corporate accounts or any system permissions, can simply register a free GitHub account, submit a malicious PR, leave a comment, and thereby forge approvals, steal server keys, push malicious code, and gain complete control over corporate code repositories.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink