HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply‑Chain Attacks

A newly disclosed CI/CD workflow weakness, dubbed Cordyceps, enables attackers to take over GitHub repositories across 300+ projects, including code owned by Microsoft and Google. The flaw highlights the need for SOC 2‑aligned control mapping and continuous evidence collection to prove pipeline integrity.

LiveThreat™ Intelligence · 📅 June 24, 2026· 📰 thehackernews.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
3 recommended
📰
Source
thehackernews.com

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply‑Chain Attacks

What Happened – Researchers at Novee Security identified a repeatable CI/CD workflow pattern, dubbed Cordyceps, that lets an attacker hijack build pipelines and gain full control of GitHub repositories. The flaw affects more than 300 open‑source projects, including codebases owned by Microsoft, Google, Apache and dozens of other large organizations.

Why It Matters for Compliance & Audit Readiness

  • The scenario maps directly to SOC 2 CC6.1 (System Operations) and CC7.2 (Change Management) – controls that require documented, repeatable processes and continuous evidence of proper configuration.
  • Continuous‑compliance programs must be able to detect, log, and remediate misconfigurations in CI/CD pipelines before they become a supply‑chain foothold.
  • Verisq’s Control Mapping capability can automatically map CI/CD security controls to SOC 2 criteria and collect immutable evidence for audit reviewers.

Who Is Affected – Technology / SaaS vendors, cloud‑infrastructure providers, open‑source maintainers, and any organization that relies on automated CI/CD pipelines for code delivery.

Recommended Actions

  • Map your CI/CD workflow controls to SOC 2 CC6.1 and CC7.2, documenting each step and required approvals.
  • Deploy continuous monitoring of pipeline configurations (e.g., secret scanning, permission checks) and retain immutable logs as audit evidence.
  • Conduct a rapid inventory of all GitHub repositories linked to your pipelines; remediate any over‑privileged tokens or unchecked scripts.

Source: The Hacker News

Technical Notes

  • Attack vector: Misconfigured CI/CD workflow that permits arbitrary code execution during build steps.
  • No public CVE assigned yet; the pattern is described in a security advisory by Novee Security.
  • Data at risk includes source code, proprietary algorithms, and any embedded secrets (API keys, credentials).

Source: same as above

📰 Original Source
https://thehackernews.com/2026/06/cordyceps-cicd-flaws-expose-300-github.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →