ActiveState in the News
Stay up-to-date with our latest announcements, product launches, and media coverage.
Featured News
.png)
BleepingComputer
The GitHub Actions Attack Pattern Your CI Security Scanners Miss
A green pipeline is not a governed one, and agentic coding is widening the gap faster than review can close it. By Shane Warden, Principal Architect, ActiveState In June 2026, researchers at Novee Security disclosed a class of CI/CD weakness they named Cordyceps. They scanned roughly 30,000 high-impact repositories across the npm, PyPI, crates.io, and Go ecosystems, then flagged 654 and confirmed more than 300 as fully exploitable. The affected build tooling included projects published by Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation, and the entry requirement for an attacker is a free GitHub account. No org membership, no elevated privileges. Every one of those pipelines was green. The scanners ran, the checks passed, and the dashboards reported healthy results the entire time the exposure existed. The scanners were never built to see this danger. The Vulnerability Is in the Composition, Not the File GitHub Actions workflows are usually triggered by pull_request....
Read the article



