BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Critical CI/CD Flaw ‘Cordyceps’ Hijacks Repos

Cordyceps flaw exploits CI/CD workflows, hijacking major software repositories and supply chains.

  • A new critical flaw dubbed Cordyceps threatens open-source software supply chains.
  • The vulnerability allows unauthenticated attackers to hijack CI/CD workflows and execute code.
  • Major organizations including Microsoft, Google, and Apache have been impacted.
  • Over 300 high-impact repositories were found to be fully exploitable.
  • The issue stems from weak CI/CD configurations that grant excessive permissions to pull requests.

Cybersecurity researchers have identified a severe new vulnerability pattern that enables attackers to compromise critical open-source infrastructure, a discovery detailed by Novee Security on June 24, 2026. The weakness, codenamed Cordyceps, exploits misconfigured CI/CD workflows to gain control over code repositories at dozens of the world’s largest tech firms.

- Advertisement -

According to the security firm’s report, the flaw is exploitable by anyone with a free account and no special privileges. Consequently, it allows attackers to forge approvals, push malicious code, or steal credentials directly from the CI environment.

This supply chain vulnerability exists in the foundational plumbing that the entire software industry relies upon. However, the problem often evades scanners because each individual component functions as designed, with the vulnerability emerging only in their insecure composition.

For example, a single comment on a pull request for Microsoft‘s Azure Sentinel could execute attacker code and steal a permanent GitHub App key. Meanwhile, a similar attack on Google‘s AI Agent Development Kit could grant an attacker complete authority over a Google Cloud repository.

Other notable findings include vulnerabilities in Apache Doris, Cloudflare Workers SDK, and the Python Software Foundation’s Black project. Following responsible disclosure, impacted organizations have confirmed the issues and applied patches.

- Advertisement -

Elad Meged, a founding engineer at Novee Security, said the nature of agentic coding means these vulnerabilities reproduce persistently and at scale. “We like to think of it as ‘puppeteering’ the repositories of some of the world’s biggest companies, silently manipulating their workflows,” he explained.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

OpenAI Questions Merit of Apple’s Trade Secrets Suit

Apple accused OpenAI of targeting current and former employees to obtain confidential documents, designs,...

Senate to vote on crypto bill amid ethics corruption debate

The US Senate is expected to vote before August 10 on the CLARITY Act,...

IBM shares plummet 25% after earnings miss, worst drop in decades

IBM shares plunged up to 25% on Tuesday after missing Q2 earnings expectations, marking...

DeepMind CEO: AGI just years away, demands new US safety tests

Google DeepMind CEO Demis Hassabis predicts AGI will arrive within a few years, comparing...

Warsh: No Stablecoin Bailout, GENIUS Act Deadline Near

Federal Reserve Chair Kevin Warsh told lawmakers the central bank will not bail out...

Must Read

9 DePIN Programs For Passive Income

Here’s something most people don’t realize: your smartphone and PC can generate passive income with almost no effort.I’m not talking about clicking ads for...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading