A newly identified class of vulnerabilities in Continuous Integration/Continuous Deployment (CI/CD) workflows, codenamed Cordyceps, poses a significant threat to open-source supply chains and could allow attackers to seize control of over 300 GitHub repositories [1]. The exploitable pattern, discovered by Novee Security, can grant attackers full control of affected repositories, including those belonging to major organizations such as Microsoft, Google, and Apache. Cordyceps enables hijacking of CI/CD workflows, which undermines the integrity of the software development pipeline: an attacker who takes over a workflow can inject malicious code, steal sensitive data, or disrupt the development process. The finding underscores the importance of securing CI/CD workflows against supply-chain attacks, and developers and security teams should take immediate action to mitigate the risk.
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
⚡ High Priority
Why This Matters
The issue can allow full attacker control of repositories at dozens of the largest organizations worldwide, including Microsoft, Google, Apache, and
References
- The Hacker News. (2026, June 24). Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks. *The Hacker News*. https://thehackernews.com/2026/06/cordyceps-cicd-flaws-expose-300-github.html
Original Source
The Hacker News