23pds: Cordyceps vulnerability poses risks to open source repositories of companies such as Microsoft and Google
23pds, Chief Information Security Officer of SlowMist, stated that researchers have exposed a high-risk CI/CD risk called Cordyceps, which has been tested on open source repositories of companies such as Microsoft, Google, Apache, and Cloudflare. Attackers only need to register a GitHub account and submit malicious PRs or comments to forge approvals, steal server keys, push malicious code, and gain control of the enterprise code repository.