Tag
#ci-cd
4 stories taggedci-cd.

Vulnerabilities
Cordyceps Flaw Class Hands Attackers the Keys to 300+ GitHub Repos
A newly catalogued CI/CD weakness lets attackers hijack workflows at Microsoft, Google and Apache projects, researchers say.
2 min

Threat Intelligence
ClickFix Campaign Turns Google Ads, GitLab, and Claude Into a Six-Wave Trust Machine
Attackers chained legitimate infrastructure across seven weeks to push malicious PowerShell commands to developers. Session tokens, SSH keys, and cloud credentials were the prize.
3 min

AI Security
French Startup Edamame Builds Runtime Watch for AI Coding Agents
The platform uses host telemetry and AI analysis to flag intent drift, secret theft, and supply-chain interference — in real time, before the damage lands.
2 min

Threat Intelligence
Megalodon Campaign Plants Malicious Workflows in 5,561 GitHub Repos in Six Hours
Throwaway accounts pushed 5,718 commits forging build-bot identities to exfiltrate CI/CD secrets, researchers said.
2 min