What Happened
Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The "critical exploitable pattern" has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositories at dozens of the largest organizations worldwide, including Microsoft, Google, Apache, and
Why It Matters
According to Novee Security, "Cordyceps" is a systemic class of CI/CD workflow flaws in GitHub Actions that allows unauthenticated or low-privilege attackers to hijack build and release pipelines, forge approvals, push malicious code, and steal credentials across more than 300 verified high-impact repositories at organizations including Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation.[2][3][4] The core issue is insecure trust boundaries and over-permissive workflow configurations on pull requests and comments, creating a critical software supply-chain exposure for open-source ecosystems such as npm, PyPI, crates, and Go.[2][3][4] From a CyberSE.AI perspective, these patterns directly translate to AI supply-chain risk: insecure CI/CD YAML, often partially generated or propagated by AI coding agents, can be abused to tamper with AI frameworks, SDKs, and agent tooling, meaning compromised dependencies can silently infect downstream AI systems and agents. Organizations should systematically audit CI/CD workflows, integrate SBOM-centric supply-chain reviews, and apply least-privilege and trust-boundary controls to all GitHub Actions and related pipelines to pre
CyberSE Analysis
This signal maps to the AI supply chain risk class. Organizations that build or consume AI agents, LLM APIs, SaaS integrations, or sensitive data workflows through GitHub Actions or similar CI/CD pipelines should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths, and scope CI/CD workflow tokens to the minimum each job needs.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations, including secrets exposed to build and release pipelines.
- Add human approval gates for high-impact or state-changing actions, and verify they cannot be satisfied by approvals forged from within a hijacked workflow.
- Test whether untrusted pull request and comment content can reach privileged workflow steps, alongside prompt injection and indirect prompt injection tests against affected AI workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
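The trust-boundary point in "Why It Matters" (workflows triggered by pull requests and comments running with more privilege than their inputs deserve) and the workflow audit the actions above call for, as an added example that is not code from the original article, from Novee Security, or from any affected project: a Python script that scans GitHub Actions workflow text for the well-known concrete instances of this pattern class, namely privileged triggers (pull_request_target, issue_comment and review events), checkout of the pull request head under such a trigger, untrusted event fields expanded directly inside run: steps, and a missing permissions: block. The rule set is this editor's assumption of what the class looks like in practice, not Novee's definition of Cordyceps; both workflow files are constructed samples; and the scanner is line-based rather than a YAML parser, so treat its output as triage, not a verdict.

```python
"""Heuristic audit of GitHub Actions workflow text for the trust-boundary
mistakes behind this flaw class (added example; line-based, not a YAML parser)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Triggers whose workflows run with the base repository's write-capable
# token and secrets while the triggering payload is attacker-controlled.
PRIVILEGED_TRIGGERS = {
    "pull_request_target", "issue_comment",
    "pull_request_review", "pull_request_review_comment",
}
TRIGGER_RE = re.compile(r"\b(" + "|".join(sorted(PRIVILEGED_TRIGGERS)) + r")\b")

# Event fields an outside contributor controls (branch names, titles, bodies).
# Expanding them inside `run:` is a shell injection, whatever the trigger.
UNTRUSTED_EXPR = re.compile(
    r"\$\{\{\s*github\.(?:head_ref|event\.(?:comment\.body|issue\.(?:title|body)"
    r"|pull_request\.(?:title|body|head\.(?:ref|label))"
    r"|review\.body|review_comment\.body))\s*\}\}"
)
# Checkout refs that point at the contributor's code instead of the base branch.
PR_HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(?:sha|ref)|github\.head_ref")
RUN_KEY = re.compile(r"(?:-\s+)?run:\s*(.*)$")


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int   # 1-based line in the workflow text, 0 for file-level findings
    text: str


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip(" "))


def audit_workflow(text: str) -> list[Finding]:
    findings: list[Finding] = []
    trigger_lines: dict[str, int] = {}        # privileged trigger -> first line seen
    checkout_candidates: list[Finding] = []
    has_permissions = False
    in_on = in_checkout = False
    run_indent: Optional[int] = None          # indent of a `run: |` key while in its script

    for no, raw in enumerate(text.splitlines(), 1):
        s = raw.strip()
        if not s or s.startswith("#"):
            continue
        ind = _indent(raw)

        if run_indent is not None:            # continuation line of a block-scalar script
            if ind > run_indent:
                if UNTRUSTED_EXPR.search(s):
                    findings.append(Finding("expression-injection", no, s))
                continue
            run_indent = None

        if ind == 0:
            in_on = s.startswith("on:")
        if s.startswith("permissions:"):      # top-level or job-level token scope block
            has_permissions = True
        if in_on:
            for m in TRIGGER_RE.finditer(s):
                trigger_lines.setdefault(m.group(1), no)

        if s.startswith("- "):                # a new step begins
            in_checkout = False
        if "uses: actions/checkout@" in s:
            in_checkout = True
        if in_checkout and s.startswith("ref:") and PR_HEAD_REF.search(s):
            checkout_candidates.append(Finding("pr-head-checkout", no, s))

        m = RUN_KEY.match(s)
        if m:
            body = m.group(1)
            if body in ("|", "|-", "|+", ">", ">-", ">+"):
                run_indent = ind
            elif UNTRUSTED_EXPR.search(body):
                findings.append(Finding("expression-injection", no, s))

    for trig, line in trigger_lines.items():  # informational: privileged execution context
        findings.append(Finding("privileged-trigger", line, trig))
    if trigger_lines:                         # untrusted code + write token = repo takeover
        findings.extend(checkout_candidates)
    if not has_permissions:
        findings.append(Finding("no-permissions-block", 0,
                                "GITHUB_TOKEN left at repository default scope"))
    return sorted(findings, key=lambda f: (f.line, f.rule))


# Constructed sample workflows (hypothetical; not taken from any real repository).
VULNERABLE_WORKFLOW = """\
name: pr-check
on:
  pull_request_target:
    types: [opened, synchronize]
  issue_comment:
    types: [created]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Echo title
        run: echo "Checking ${{ github.event.pull_request.title }}"
      - name: Handle command
        run: |
          set -e
          CMD="${{ github.event.comment.body }}"
          ./scripts/run.sh "$CMD"
"""

HARDENED_WORKFLOW = """\
name: pr-check
on:
  pull_request:
    types: [opened, synchronize]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Echo title
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: echo "Checking $PR_TITLE"
"""

if __name__ == "__main__":
    for name, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"== {name}")
        for f in audit_workflow(wf):
            print(f"  {f.rule:<22} line {f.line}: {f.text}")
```

The hardened sample shows the three changes that close the trust boundary: the plain pull_request trigger gives fork contributions a read-only token and no secrets, the permissions: block pins the token scope explicitly, and the contributor-controlled title reaches the shell only through an environment variable that is quoted at use, so it is data rather than script. Run the scanner over every file under .github/workflows and treat any pr-head-checkout or expression-injection finding in a workflow that also reports privileged-trigger as a priority fix.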
Source
https://thehackernews.com/2026/06/cordyceps-cicd-flaws-expose-300-github.html