{"data":{"id":"b61f887d-ac3b-4339-89c9-385969855d95","title":"'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows","summary":"A vulnerability called 'Cordyceps' lets attackers exploit weaknesses in CI/CD workflows (automated systems that test and deploy code changes) to inject malicious pull requests (code change proposals) into popular developer tools like Azure Sentinel, Google's AI Agent Development Kit, Apache Doris, Cloudflare Workers SDK, and Python's Black. Attackers can use this method to compromise the software supply chain, potentially affecting many developers who use these tools.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.darkreading.com/application-security/cordyceps-malicious-pull-requests-developer-workflows","publishedAt":"2026-06-23T19:16:42.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["Microsoft","Google"],"affectedVendorsRaw":["Microsoft Azure Sentinel","Google AI Agent Development Kit","Apache Doris","Cloudflare Workers SDK","Python Software Foundation Black"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-23T19:16:42.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}