Novee Security reveals Cordyceps, a CI/CD vulnerability in GitHub Actions workflows that let anonymous users poison builds and expose tokens across major projects today.
First seen on hackread.com
Jump to article: hackread.com/cordyceps-ci-cd-flaw-microsoft-google-apache-repos-hijack/
