BTC $62,724.06 -2.22%
ETH $1,776.62 -2.42%
BNB $569.67 -1.86%
XRP $1.07 -2.24%
SOL $75.97 -1.93%
TRX $0.3260 -1.52%
DOGE $0.0723 -1.75%
ADA $0.1593 -3.18%
BCH $238.89 -2.57%
LINK $7.95 -1.41%
HYPE $64.23 -5.14%
AAVE $95.57 -3.12%
SUI $0.7302 -1.79%
XLM $0.1840 -2.40%
ZEC $512.71 -3.68%
BTC $62,724.06 -2.22%
ETH $1,776.62 -2.42%
BNB $569.67 -1.86%
XRP $1.07 -2.24%
SOL $75.97 -1.93%
TRX $0.3260 -1.52%
DOGE $0.0723 -1.75%
ADA $0.1593 -3.18%
BCH $238.89 -2.57%
LINK $7.95 -1.41%
HYPE $64.23 -5.14%
AAVE $95.57 -3.12%
SUI $0.7302 -1.79%
XLM $0.1840 -2.40%
ZEC $512.71 -3.68%

名为 “Cordyceps” 的 CI/CD 高危漏洞曝光,微软、谷歌等多个头部企业开源仓库中招

2026-06-25 14:51:53
收藏

ChainCatcher 消息,慢雾首席信息安全官 23pds 发文称,研究员曝光了一类名为 Cordyceps 的 CI/CD 高危风险,微软、谷歌、Apache、Cloudflare 等头部企业的开源仓库全都实测中招。攻击者不用企业账号、不用任何系统权限,仅注册一个免费 GitHub 账号,提交一段恶意 PR、留一条评论,就能伪造审批、偷取服务器密钥、推送恶意代码,完全掌控企业代码仓库。

app_icon
ChainCatcher 与创新者共建Web3世界