A pervasive CI/CD vulnerability pattern dubbed “Cordyceps” reveals a supply chain vulnerability that lets unauthenticated attackers seize control of Git-based workflows and, by extension, the software artifacts they produce. The issue is not a single bug in GitHub or any one tool; it is a systemic class of insecure workflow compositions. Command injection, broken authentication […] The post Cordyceps Supply chain Vulnerability Impacting Code Repositories at thousands of Organizations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/cordyceps-supply-chain-vulnerability/
