‘Cordyceps’: Mushrooming Malicious Pull Requests Threaten Developer Workflows

Dark Reading covered Novee Security's Cordyceps findings, highlighting how attackers can exploit CI/CD workflow weaknesses to hijack repositories at some of the world's largest organizations — no special privileges required.

Novee Marketing


A new class of CI/CD workflow weakness enables attackers to use malicious pull requests to compromise software supply chains.

Elad Meged, founding engineer and security researcher at penetration-testing firm Novee, published a blog post today covering a weakness dubbed “Cordyceps” that exists across code repositories at organizations large and small. The issue behind Cordyceps involves pull requests — the type of request developers make when they want a software code change to be merged into the main repository.

Pull requests are, by design, open to any developer who wants to make open source software better, and merges are generally approved by a small group of maintainers or administrators, so the main branch is updated safely. Novee alleges that the automated CI/CD workflows present in many repositories (i.e., the processes that run between a pull request being opened and its merge) are weak from an access-security perspective, and can be exploited by attackers in ways that create negative supply chain outcomes for users.

Read the full article at Dark Reading.


Originally published in Dark Reading on Jun 23, 2026 by Alexander Culafi
