‘Cordyceps’: Malicious Pull Requests Threaten CI/CD Workflows Security researchers at Novee have disclosed a widespread CI/CD vulnerability class dubbed “Cordyceps,” named for the parasitic fungus known for hijacking its hosts. The weakness exploits overly permissive automated workflows triggered by pull requests, allowing any unauthenticated user — with nothing more than a free GitHub account — […] The post appeared first on .

Read the original article