A free GitHub account was all it took to hijack Microsoft and Google's code pipelines

Share this content

June 25, 2026

Researchers found that more than 300 repositories at Microsoft, Google and Apache could be hijacked by anyone with a no-cost GitHub account, exposing a systemic weakness that likely reaches into Texas campus software projects too.

Cordyceps

Imagine walking onto a factory floor, leaving a comment on a sticky note, and watching the assembly line quietly rewire itself to do what you asked, no badge, no keycard, nobody checking credentials. That is roughly what researchers found happening inside some of the world's most trusted software pipelines this June. A class of vulnerabilities named "Cordyceps," after the fungus that hijacks its host from within, let anyone with a free GitHub account manipulate build systems at Microsoft, Google, Apache and other major organizations, simply by leaving a comment or opening a pull request.

What happened

Modern software teams rely on automated pipelines, commonly built on GitHub Actions, to test, build and deploy code every time a developer makes a change. These pipelines often run with powerful, privileged credentials so they can publish software, deploy to cloud environments, or sign releases. Researchers at Novee Security scanned roughly 30,000 high-impact GitHub repositories and found more than 300 contained a dangerous, repeatable misconfiguration: workflows using GitHub features like "pull_request_target," which run with elevated trust, in ways that processed attacker-controlled input, such as a pull request's title or a comment, without adequate safeguards. Because these workflows didn't verify who was submitting the input, an outside attacker with nothing more than a free GitHub account could trigger them and run code inside an organization's trusted build environment, stealing deployment credentials, forging approvals, or inserting malicious code into a release before it reached customers. Confirmed examples included a path into Microsoft's Azure Sentinel repository exposing a non-expiring GitHub App key, a flaw in a Google AI repository granting control over a Google Cloud project, and an Apache Doris issue letting a single pull-request comment exfiltrate credentials. The Hacker News, Dark Reading and Hackread covered the disclosure, published in late June.

Why it matters for Texas institutions

Texas research universities, state agencies and community colleges increasingly build and deploy their own software, from research computing tools to student-facing applications, and many rely on GitHub Actions, often set up quickly by small teams without a dedicated security reviewer. Cordyceps is not a single bug in a single product; it's a misconfiguration researchers found repeating itself across thousands of repositories, largely because developers, increasingly aided by AI assistants that reproduce the same insecure patterns, copy workflow templates without fully understanding the trust boundaries involved. Any Texas institution maintaining public or semi-public repositories, including research labs publishing open-source tools, IT departments managing deployment scripts, or student groups running their own projects, could be exposed. A compromised pipeline can lead directly to stolen cloud credentials or a poisoned release, either of which could affect systems well beyond the original repository.

What your institution should do

Start by inventorying which GitHub repositories your institution maintains and identifying which use automated workflows tied to pull requests, since you cannot secure what you haven't found. For every workflow using pull_request_target, workflow_run, or similar elevated-trust triggers, confirm it includes explicit checks on who may trigger privileged actions, rather than trusting pull request metadata by default. Review what credentials your CI/CD pipelines hold, and replace long-lived, non-expiring tokens with short-lived, narrowly scoped ones so a compromised workflow can't become a permanent backdoor. Enable GitHub's built-in advisories for risky workflow configurations, surfaced in response to this research, and treat those alerts as action items. Finally, if your institution uses AI assistants to generate CI/CD configurations, build a manual review step for workflow files, since researchers found AI tools reproducing the same vulnerable patterns at scale.

Cordyceps is a reminder that supply chain security isn't just a concern for big tech; it touches every campus lab, IT shop and student project with a GitHub repository. RSOC is available to help Texas institutions review their CI/CD configurations and understand their exposure. If your team wants a second set of eyes on your pipelines, reach out to the Regional Security Operations Center at rsoc.utexas.edu.