Dark Reading

'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

By targeting the automated workflows around repositories with targeted pull requests, attackers can potentially target ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
Cryptopolitan on MSN

Cordyceps flaws let anyone with a free GitHub account hijack CI/CD pipelines at Microsoft, Google, and Apache

Security firm Novee has revealed Cordyceps as a class of exploitable CI/CD vulnerabilities across open-source repositories ...
ADTmag

TomEE 11 Milestone and Hibernate ORM 8 Beta Signal Jakarta EE Modernization Push

Open-source Java projects advance Jakarta EE compatibility, persistence capabilities, and developer tooling as enterprise teams prepare for the next generation of Java applications.
InfoQ

Argo CD 3.5 Tightens Supply Chain Security with Internal mTLS and Source Integrity

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...