A new class of CI/CD workflow weakness enables attackers to use malicious pull requests to compromise software supply chains. Elad Meged, founding engineer and security researcher at ...
Security firm Novee has revealed Cordyceps as a class of exploitable CI/CD vulnerabilities across open-source repositories that allowed attackers to steal credentials, push malicious code, and ...