High-Risk CI/CD Vulnerability 'Cordyceps' Threatens Major Tech Firms
A critical CI/CD vulnerability named 'Cordyceps' has been uncovered, affecting open-source repositories of major enterprises including Microsoft, Google, Apache, and Cloudflare. According to SlowMist's Chief Information Security Officer, 23pds, attackers can exploit this vulnerability without needing corporate accounts or system permissions. By simply registering a free GitHub account, submitting a malicious pull request, and leaving a comment, attackers can forge approvals, steal server keys, inject malicious code, and potentially take over a company's code repository.
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct your own research and consult with a qualified financial advisor before making any investment decisions.
