TUESDAY, JUNE 23, 2026 · 48° E / GLOBAL TECH · SUMMARISED
EST. 2026 · A FAIZAN KHAN PUBLICATION
Meridian48
Tech news, summarised. AI, business, devices, policy — what you actually need to know.
Security · 1h ago

'Cordyceps' Attack Poisons Open-Source Pull Requests

By Meridian48 News Desk · Summarised from Dark Reading

A new attack called 'Cordyceps' exploits CI/CD workflows by injecting malicious code into pull requests targeting major projects like Azure Sentinel and Google's AI Agent Kit. The technique bypasses code review by hiding malicious changes in seemingly benign commits. Developers are urged to audit PRs more rigorously to prevent supply-chain compromise.

Meridian48 take
The attack's reliance on social engineering and workflow automation highlights a growing blind spot in open-source security that demands better tooling, not just developer vigilance.
Read the full reporting
'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows →
Dark Reading