Cybersecurity researchers have flagged a new class of CI/CD
workflow weakness that allows attackers to hijack workflows and
compromise open-source supply chains. The "critical exploitable
pattern" has been codenamed Cordyceps by Novee Security. The issue
can allow full attacker control of repositories at dozens of the
largest organizations worldwide, including Microsoft, Google,
Apache, and
Read more https://thehackernews.com/2026/06/cordyceps-cicd-flaws-expose-300-github.html
