SlowMist CISO: Cordyceps CI/CD Vulnerability Can Forge Approvals

2026-06-25 07:03:49
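According to ChainCatcher, SlowMist Chief Information Security Officer 23pds posted that researchers have disclosed a class of high-severity CI/CD risk named Cordyceps, and that open-source repositories belonging to companies including Microsoft, Google, Apache and Cloudflare were affected in testing.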

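According to the post, an attacker needs no corporate account or system privileges: by merely registering a free GitHub account, submitting a malicious PR and posting comments, the attacker can forge approvals, steal server keys and push malicious code, thereby taking control of a company's code repositories.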