Live News
CRITICAL
Hot 85%
Blockchain

Critical Cordyceps Vulnerability Threatens Millions of GitHub Repositories

Critical Cordyceps vulnerability discovered affecting thousands of GitHub repositories including Microsoft, Google, and Cloudflare; over 300 projects confirmed exploitable.

Telegram

Researchers have discovered a critical vulnerability affecting thousands of open-source projects hosted on GitHub, including repositories from Microsoft, Google, Apache, and Cloudflare. The Cordyceps vulnerability enables attackers to compromise CI/CD pipelines, execute arbitrary code, steal credentials, and potentially inject malicious updates into widely-used software projects.

Analysis of approximately 30,000 popular repositories identified 654 potentially vulnerable projects, with more than 300 confirming real-world exploitation potential. The vulnerability's systemic nature suggests it could affect millions of additional repositories across the platform, posing significant supply-chain risks to enterprises and developers relying on open-source dependencies.

The threat remains difficult to detect using conventional security tools because the vulnerability emerges from interactions between multiple CI/CD processes rather than isolated code vulnerabilities. This detection gap creates a heightened risk window for malicious actors targeting critical infrastructure and cryptocurrency projects that depend on secure code repositories and deployment pipelines.

Related News

Stay updated with the latest crypto news

Subscribe to Our Newsletter

Get the latest crypto news and market analysis delivered to your inbox.

Published on

Updated on