Utopia Tech
Security1 min read

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The "critical exploitable pattern" has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositories at dozens of the largest organizations worldwide, including Microsoft, Google

UT

Utopia Tech

June 24, 2026 · 1 min read

Share

Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The "critical exploitable pattern" has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositories at dozens of the largest organizations worldwide, including Microsoft, Google, Apache, and

Originally published at thehackernews.com

#Cybersecurity#Malware#Vulnerabilities
Share
▸ Want a deeper look?

Talk to an architect about applying this to your stack.

60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.

Schedule the call
▸ Continue reading

More from the journal

Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
Security

Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered

1 min read

More Malicious OpenClaw Skills Threaten AI Supply Chain
Security

More Malicious OpenClaw Skills Threaten AI Supply Chain

1 min read

Dawn of the Apex Agentic Adversary
Security

Dawn of the Apex Agentic Adversary

1 min read

All posts
Skip to main content