'Cordyceps': Mushrooming Malicious Pull Requests Threaten Developer Workflows

A series of malicious pull requests, dubbed 'Cordyceps', has been targeting various open-source projects, including Azure Sentinel, AI Agent Development Kit, Doris, Workers SDK, and Black. These pull requests can disrupt developer workflows and potentially introduce security vulnerabilities. Developers are advised to review their pull requests carefully and be cautious of suspicious activity. It's essential to maintain a secure CI/CD workflow to prevent such attacks.
