SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
The Hacker News

Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks

Researchers found Cordyceps CI/CD flaws affecting 300+ repositories, enabling code execution, credential theft, and supply ...
Dark Reading

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

A new class of CI/CD workflow weakness enables attackers to use malicious pull requests to compromise software supply chains. Elad Meged, founding engineer and security researcher at ...
Microsoft

Securing CI/CD in an agentic world: Claude Code Github action case

Microsoft Threat Intelligence discovered that Anthropic’s Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull ...
The Hacker News

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Microsoft has identified an active supply chain attack targeting the @antv node package manager (npm) package ecosystem. A threat actor compromised an @antv maintainer account and published malicious ...
TheServerSide

Free website hosting with GitHub Pages tutorial

There are various popular options for free website hosting, but for developers who are already familiar with Git and the GitHub ecosystem it simply makes sense to use GitHub Pages. This quick GitHub ...
InfoQ

How GitHub Is Securing Agentic Workflows in Modern CI CD Systems

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
IEEE

Gemini Powered CI/CD Insights: An AI Agent for Real-Time Pipeline Analysis Using Natural Language Commands

Abstract: In today's fast-paced world of software delivery, keeping an eye on everything is more important than ever, especially when it comes to Continuous Integration and Continuous Deployment ...
TechCrunch

Anthropic took down thousands of GitHub repos trying to yank its leaked source code — a move the company says was an accident

Anthropic accidentally caused thousands of code repositories on GitHub to be taken down while trying to pull copies of its most popular product’s source code off the internet. On Tuesday, a software ...
winbuzzer.com

GitHub Agentic Workflows Enter Technical Preview for CI/CD AI

GitHub has launched Agentic Workflows into technical preview, letting AI agents handle repository tasks automatically inside GitHub Actions under a framework the company calls continuous AI. Developed ...
Visual Studio Magazine

Threats from the Shadows: Securing the CI/CD Pipeline Against Modern Attacks

Understand how hidden vulnerabilities in CI/CD pipelines and package dependencies can be exploited by attackers. Learn practical, actionable strategies to secure your software supply chain and ...