‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking
ID: 1a413b51-ed13-53b1-bdd4-dd3585942eaa
STIX ID: report--1a413b51-ed13-53b1-bdd4-dd3585942eaa
Feed Name: HackRead
Threat Score
A security research firm, Novee, disclosed 'Cordyceps' — a class of CI/CD/GitHub Actions workflow vulnerabilities enabling anonymous actors to inject commands, poison artifacts, and escalate privileges across build pipelines. The flaw was validated in hundreds of repositories and in scenarios affecting Microsoft Azure Sentinel, Google Cloud projects, Cloudflare, Apache, and widely used Python tooling; findings were responsibly disclosed and fixes applied.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
