On June 24, research from Novee Security was released, reporting a CI/CD weakness that could enable anyone with an unauthenticated free GitHub account to hijack trusted workflows and compromise open-source supply chains. Dubbed “Cordyceps” after the parasitic fungus, the weakness allegedly appeared across dozens of organizations, both small and large, including Microsoft, Google, Apache, Python, and Cloudflare. After scanning roughly 30,000 hig…