A free GitHub account just hijacked Microsoft's SIEM, Google's AI agent kit, and Apache's database pipeline. 300+ repos confirmed exploitable. Your CI/CD is the attack surface.

Novee Security scanned 30,000 repositories and found a parasite hiding in the CI/CD pipeline of some of the biggest companies on earth.

They named it Cordyceps.

654 repos flagged. 300+ confirmed fully exploitable. The attacker needs zero privileges. A free GitHub account is enough.

Microsoft Azure Sentinel: one anonymous comment on a pull request executes attacker code and steals a non-expiring GitHub App key. That key writes directly to the security content deployed into customer Sentinel workspaces.

Google's AI Agent Development Kit: one pull request runs code in Google's CI and gains roles/owner on the associated GCP project. The highest permission level. One PR. Permanent cloud access.

Apache Doris: two independent zero-click attacks. One steals hardcoded CI credentials. The other exfiltrates a token with full write permissions across the entire repository.

The flaw lives in GitHub Actions YAML files. These workflows run shell commands, authenticate to cloud providers, hold signing keys, and publish releases. But they are treated as configuration. Not as security-critical code.

The vulnerability class spans command injection, broken authentication logic, artifact poisoning, and cross-workflow privilege escalation. No single step looks dangerous. The exploit exists only in the composition.

And AI coding agents are making it worse. They generate CI/CD workflows at scale and reproduce the same insecure patterns across millions of repositories. The parasite is replicating itself.

All named organizations patched before disclosure. No evidence of exploitation at scale yet. But millions of repositories remain potentially affected.

Audit your CI/CD workflows today. Treat GitHub Actions YAML as executable code with real security implications. If your pipeline runs on Actions, assume you are exposed until you verify otherwise.

SOURCE: https://novee.security/blog/cordyceps
VERIFIED: Novee Security original research (June 23, 2026), SecurityWeek (June 24, 2026), The Hacker News (June 24, 2026), TechTimes (June 25, 2026)
SIGNAL: This is the first proof that the open-source CI/CD supply chain is structurally compromised at Fortune 100 scale. Agentic coding is accelerating the infection. Every CISO running GitHub Actions needs to audit their workflows now.