Dark Reading

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

By targeting the automated workflows around repositories with targeted pull requests, attackers can potentially target ...
The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
The Hacker News

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub’s actions/checkout v7 now blocks risky fork PR checkouts in privileged workflows to reduce common pwn request attacks.