ByteBrief
We're a portrait publication through and through. Turn your phone back and your briefing picks up right where you left it.
(We tried widescreen once. It wasn't us.)
Novee Security disclosed Cordyceps, a CI/CD weakness affecting 300+ repositories from Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation. The attack exploits pull_request_target and workflow_run in GitHub Actions, using command injection, code injection, and cross-workflow privilege escalation. Scanners stay green because no single workflow file is wrong.
Tap to vote and see what everyone thinks.
Summary by ByteBrief
GitLost Flaw Leaks Private GitHub Repos