> TritonInfoSec News
Home / Jun 24, 2026 / Story
0
#8 Dark Reading general June 23, 2026 at 19:16 UTC

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

By Alexander Culafi

AI Summary

A newly identified CI/CD attack pattern dubbed 'Cordyceps' exploits malicious pull requests to compromise developer workflows, and has been found affecting repositories belonging to Microsoft (Azure Sentinel), Google (AI Agent Development Kit), Apache (Doris analytics database), Cloudflare (Workers SDK), and the Python Software Foundation (Black formatter). The weakness stems from unsafe use of the 'pull_request_target' workflow trigger, which grants elevated privileges to external contributor code. DevSecOps teams should audit all GitHub Actions workflows using this trigger and apply mitigations aligned with GitHub's June 18, 2026 actions/checkout update.

Read full article → https://www.darkreading.com/application-security/c…

Relevance score: 81.0/100

# More from June 24

  1. 1
    FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation The Hacker News
  2. 2
    Scattered Spider Hackers Plead Guilty on Day 1 of Trial Krebs on Security
  3. 3
    LastPass confirms data breach in Klue supply chain attack BleepingComputer
  4. 4
    Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration The Hacker News
  5. 5
    FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances SecurityWeek
  6. 6
    Five Eyes agencies sound alarm about AI’s threat to cybersecurity The Record
  7. 7
    FFmpeg fixes PixelSmash flaw in widely used video decoder BleepingComputer
  8. 9
    Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks BleepingComputer
  9. 10
    WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool The Hacker News