TechFlow News, June 25: Cybersecurity firm Novee announced in its latest research that it has identified a CI/CD supply chain vulnerability pattern it calls “Cordyceps,” primarily involving command injection, authentication logic flaws, artifact poisoning, and privilege escalation within GitHub Actions workflows. According to the report, unauthenticated users can exploit these vulnerabilities under specific conditions to hijack workflows, steal credentials, or gain control over code repositories.
Novee stated that after scanning approximately 30,000 high-impact open-source code repositories, it identified 654 repositories exhibiting related risks—over 300 of which were confirmed to be fully exploitable. The report cites several projects as examples, including Microsoft Azure Sentinel, Google’s AI Agent Development Kit sample repository, Apache Doris, Cloudflare Workers SDK, and Python Black. The research further notes that traditional security tools struggle to detect such cross-workflow, multi-step attack chains, and AI-powered code generation tools may accelerate the proliferation of insecure CI/CD configuration patterns.
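The command-injection pattern the report names is the one GitHub itself documents: an attacker-controllable event field (issue title, PR title, branch name, comment body) interpolated with `${{ ... }}` directly into a `run:` shell script. The scanner below is an added example, not Novee's tooling or code from any of the projects named above; it is a line-based heuristic (no YAML parser), the context list is an assumed representative subset, and the two workflow snippets are constructed to show the weak pattern beside the hardened one (value passed through `env:` and read as a shell variable).

```python
import re

# Assumption: representative subset of event-context paths an outside
# contributor can control (from GitHub's script-injection guidance).
UNTRUSTED_CONTEXTS = (
    "github.event.issue.title", "github.event.issue.body",
    "github.event.pull_request.title", "github.event.pull_request.body",
    "github.event.pull_request.head.ref", "github.event.pull_request.head.label",
    "github.event.comment.body", "github.event.review.body",
    "github.event.head_commit.message", "github.event.commits",
    "github.head_ref",
)
EXPR = re.compile(r"\$\{\{\s*([^}]+?)\s*\}\}")       # one ${{ ... }} expression
RUN_KEY = re.compile(r"(-\s+)?run:\s*(.*)$")          # "run:" or "- run:" line

def find_run_script_injections(workflow_text):
    """Return (line_no, expression) for untrusted expressions interpolated
    inside run: scripts. Expressions under env:/with: are not reported,
    because they reach the shell as data rather than as script text."""
    findings, in_run, run_indent = [], False, 0
    for no, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if in_run and stripped and indent <= run_indent:
            in_run = False                      # block scalar has ended
        m = RUN_KEY.match(stripped)
        if m:                                   # start of a run: script
            in_run = True
            run_indent = indent + len(m.group(1) or "")
            body = m.group(2)                   # inline script, or "|"
        elif in_run:
            body = stripped                     # continuation line of script
        else:
            continue
        for expr in EXPR.findall(body):
            if any(expr.startswith(ctx) for ctx in UNTRUSTED_CONTEXTS):
                findings.append((no, expr))
    return findings

# Constructed sample: weak pattern (title/body expanded into shell text).
VULNERABLE_WORKFLOW = """on: issues
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - run: |
          echo "New issue: ${{ github.event.issue.title }}"
          echo "${{ github.event.issue.body }}" > body.txt
      - run: echo "safe ${{ github.repository }}"
"""
# Constructed sample: hardened form, same data passed via an env variable.
HARDENED_WORKFLOW = """on: issues
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - env:
          TITLE: ${{ github.event.issue.title }}
        run: echo "New issue: $TITLE"
"""
```

Run it over `.github/workflows/*.yml` in CI as a pre-merge check; it covers only the single-step injection case, not the cross-workflow chains the report says existing tools miss.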