radar.cysentrix
2 reports · 2 sources · tracked since 4h ago

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

AI synthesis: Cordyceps CI/CD workflow flaws allow attackers to hijack open-source supply chains, exposing 300+ GitHub repos and potentially millions more, researchers warn.

Tags: vulnerability, supply chain

Why this ranks (transparent score: 14): coverage +6, source breadth +4, urgency +0, freshness +4

What changed

Coverage timeline


  1. The Hacker News (coverage expanded)

    Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

    Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The "critical exploitable pattern" has been codenamed Cordyceps by Novee Security. The issue can allow full attacke...