Cybersecurity · Wednesday, 24 June 2026
01 · Briefing · what happened
A new flaw lets a stranger's code change run on Microsoft's and Google's own machines
Researchers have named a weakness "Cordyceps": the automated systems that handle open-source contributions trust those contributions too much, exposing CI/CD pipelines at Microsoft, Google, Apache and Cloudflare. Plus four flaws in a popular AI platform, a fake software package that hid a remote-control tool, and two teenagers convicted over the Transport for London hack.
Key takeaways
- A newly named flaw, "Cordyceps," lets a stranger's pull request run code on the high-privilege systems that big projects — including Microsoft's and Google's — use to handle outside contributions; it was caught and fixed before wide abuse.
- Several of today's flaws share one shape: every individual piece works as designed, and the danger lives in the seam between them that no one thought to check.
- Your password's real strength is whether anyone can guess the meaning behind it — not whether it has a number and a symbol; a football name dressed up still gets cracked.
The biggest security story today isn’t a breach. It’s a class of weakness — newly named, and built into the way most modern software gets made.
The flaw in how software gets built
Researchers at a penetration-testing firm called Novee published a weakness they’ve named Cordyceps, and confirmed it on the systems of Microsoft, Google, Apache and Cloudflare.
Here’s the plain version. Modern software is built in the open. Anyone can suggest a change to a project’s code — that suggestion is called a pull request. A small group of maintainers reviews it before it gets merged in. To save them work, projects set up automated systems — CI/CD pipelines, the machinery that tests and packages code automatically — to run checks on each pull request as it comes in.
The problem: those automated checks often run with high privilege — they hold signing keys and access tokens — while the pull request they’re checking comes from a complete stranger.
From one scan, Novee flagged 654 repositories as potentially exploitable, with 300 “confirmed fully exploitable”.
The researcher’s own description is the part worth keeping: “every individual piece is working as designed… the vulnerability exists only in the composition — untrusted data crossing a trust boundary that no one audited”.
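A concrete form of the seam the researcher describes, added here as an example that is not from the page or from Novee's research: a small audit that flags a CI workflow which runs a stranger's pull request under a privileged trigger with secrets in reach. It assumes the pipeline is GitHub Actions (the page does not say which CI system was involved), and both workflows are constructed samples.

```python
import re

# Constructed sample workflows for illustration; not taken from any real project.
# UNSAFE: a privileged trigger checks out the stranger's PR code and hands it a secret.
UNSAFE_WORKFLOW = """\
name: ci
on: [pull_request_target]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
        env:
          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
"""

# SAFE: the plain pull_request trigger runs fork PRs without repository secrets.
SAFE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""

PRIVILEGED_TRIGGER = re.compile(r"\bpull_request_target\b")
UNTRUSTED_CHECKOUT = re.compile(r"github\.event\.pull_request\.head")
SECRET_USE = re.compile(r"secrets\.(\w+)")


def audit_workflow(text: str) -> list[str]:
    """Report the unsafe composition: privileged run + stranger's code + secrets."""
    privileged = PRIVILEGED_TRIGGER.search(text) is not None
    untrusted_code = UNTRUSTED_CHECKOUT.search(text) is not None
    secrets = sorted(set(SECRET_USE.findall(text)))
    findings = []
    if privileged and untrusted_code:
        findings.append("PR head checked out under pull_request_target")
        if secrets:
            findings.append("secrets reachable by that code: " + ", ".join(secrets))
    return findings
```

The check is a line-level heuristic, not a YAML parser; it is meant to show that each line is legitimate on its own and only the combination is the finding.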
Four flaws in an AI platform a million apps run on
Security firm Zafran found four vulnerabilities in Dify, an open-source platform used to build AI applications — one report puts its reach at over a million apps.
The most serious lets an attacker who simply signs up for the platform set up a hidden channel that quietly copies every message and response from any publicly accessible app on it.
A fake package that looked just real enough
A malicious package appeared on npm, the registry where JavaScript developers pull in shared code: postcss-minify-selector-parser — close enough to a genuine, hugely popular library (postcss-selector-parser, downloaded over 150 million times a week) to pass a quick glance.
This is typosquatting: registering a name a hair off a trusted one and waiting for someone to grab the wrong one. The moment a developer imported it, it unpacked a hidden, encrypted payload and installed a remote-access tool on their Windows machine.
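A pre-install lookalike check for the pattern just described, added here as an example and not code from npm or the original story: it flags names within two character edits of a trusted package, and also names that equal a trusted package with one extra hyphenated token inserted, which is exactly how postcss-minify-selector-parser differs from postcss-selector-parser. The trusted list is a constructed stand-in for a real allow-list.

```python
# Constructed allow-list; a real one would hold the organisation's approved packages.
TRUSTED = ["postcss-selector-parser", "lodash", "express", "react"]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute) with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_subsequence(short: list[str], long: list[str]) -> bool:
    """True if every token of `short` appears in `long`, in order."""
    it = iter(long)
    return all(tok in it for tok in short)


def lookalike(candidate: str, trusted=TRUSTED, max_edits: int = 2):
    """Return (trusted_name, reason) if `candidate` imitates a trusted package, else None."""
    if candidate in trusted:
        return None
    for name in trusted:
        # Character-level squats: lodahs, expres, raect.
        if levenshtein(candidate, name) <= max_edits:
            return (name, "character-level edit")
        # Token-insertion squats: one extra hyphenated word slipped into a real name.
        c_tokens, t_tokens = candidate.split("-"), name.split("-")
        if len(c_tokens) == len(t_tokens) + 1 and is_subsequence(t_tokens, c_tokens):
            return (name, "extra token inserted")
    return None
```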
When a flaw sits unnoticed for eight years
SecurityWeek reported a flaw in Samsung KNOX, the security layer on Galaxy phones, that sat undiscovered for roughly eight years and exposed millions of devices to attacks on the phone’s core software.
Two teenagers, and the long arm behind a “faceless” crime
At Woolwich Crown Court, two members of the group known as Scattered Spider pleaded guilty over the 2024 cyber-attack on Transport for London, the body that runs London’s transport network.
The investigation was “lengthy, highly complex and painstaking,” a National Crime Agency official said.
What your password says without meaning to
A piece of research worth ending on, because it’s about a choice everyone makes. Analysing more than 6.4 billion compromised passwords, security firm Specops found football names appearing at scale — Messi over 1.2 million times, Ronaldo around 923,000.
Here’s the catch. A password like Cr7ronaldo@? passes most rules — uppercase, lowercase, a number, a symbol.
The action is simple. The strength of a password isn’t in its character mix — it’s in whether anyone could guess the idea behind it. A long string of unrelated words, or a password manager that invents random ones, beats a clever-looking favourite every time.
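The same password checked two ways, as an added example that is not from Specops or the original research: a structural rule set that Cr7ronaldo@? passes, beside a meaning-based check that strips the decoration and looks for a guessable base word underneath. The banned-base list is constructed and assumed; a real deployment would use a much larger one built from breach data.

```python
import re

# Constructed banned-base list; the page's finding is that football names recur at scale.
BANNED_BASES = {"messi", "ronaldo", "liverpool", "password"}

# Common cosmetic substitutions that make a word look "complex" without changing its idea.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})


def passes_complexity(pw: str) -> bool:
    """The structural rule most systems enforce: length plus four character classes."""
    return bool(len(pw) >= 8
                and re.search(r"[A-Z]", pw)
                and re.search(r"[a-z]", pw)
                and re.search(r"\d", pw)
                and re.search(r"[^A-Za-z0-9]", pw))


def normalize(pw: str) -> str:
    """Undo case, leetspeak and trailing symbols to expose the word the user started from."""
    return re.sub(r"[^a-z]", "", pw.lower().translate(LEET))


def banned_base(pw: str):
    """Return the guessable base word hiding inside `pw`, or None."""
    core = normalize(pw)
    for base in sorted(BANNED_BASES):
        if base in core:
            return base
    return None


def evaluate(pw: str) -> dict:
    """Both verdicts side by side: the rules say yes, the meaning check says no."""
    return {"complexity": passes_complexity(pw), "guessable_base": banned_base(pw)}
```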
02 · Lesson · why it matters
The danger isn't in any one part — it's in the seam no one was watching
When every piece does exactly what it was told, the failure hides in the space between them, where each side assumes the other is doing the checking.
Nothing was broken
Read the Cordyceps story closely and you notice something strange: nobody made a mistake.
The pull request system worked — strangers can suggest changes, that’s the point of open software. The automated checker worked — it ran the checks it was told to run. The access keys worked — the checker needs high privilege to do its job. Every single part behaved exactly as designed.
And yet an outsider could run their code on Microsoft’s machines and walk off with a key.
The researcher who found it put it better than anyone could: the vulnerability “exists only in the composition — untrusted data crossing a trust boundary that no one audited.” There was no broken part to find. The danger lived in the seam — the place where the stranger’s code met the powerful machine, and both sides assumed someone else had checked.
Why seams are where things break
This is one of the most reliable patterns in any complex system, and it has nothing to do with computers.
Two departments each do their job perfectly, and the thing that falls through the cracks is the handoff between them — the form that one assumed the other would file. A bridge holds; the bolt connecting two beams that each held fine is the part that fails. A patient sees three doctors who each prescribe correctly, and the harm is the interaction between the drugs that no single one of them was watching for.
When you inspect a system, your eye goes to the parts. Parts are visible. You can name them, test them, certify them. But a seam isn’t a thing — it’s a relationship, an assumption, a “surely they handle that.” It doesn’t show up on any one inspection because it doesn’t belong to any one inspector. Every piece works as designed; the design just never asked who owns the gap.
The same shape, all over today’s news
Once you see it, today’s other stories stop looking separate.
The fake software package passed a quick review because its name was fine and its dependency list was fine — each piece checked out, and the trap was the whole. The password Cr7ronaldo@? passes every rule a system can enforce — uppercase, a number, a symbol — because the rules check structure, and the weakness lives in meaning, which no rule was watching. The Samsung flaw sat for eight years not because anyone failed to do their job, but because it lived in a part of the seam no one had reason to look at.
These aren’t four problems. They’re one problem wearing four costumes. The checks were real. They just measured the parts, and the failure was never in a part.
Why no one is watching the seam
The honest reason the gap goes unguarded is that guarding it is nobody’s job, and making it someone’s job is expensive.
The maintainer reviewing a pull request is thinking about the code, not about what their automation does with it. The developer adding a package is thinking about the feature, not about the registry’s naming rules. The system enforcing password complexity can count character types but cannot read a mind. Each person is doing real work, competently, inside their own square. The seam is the one place no square covers — and watching it means someone has to step outside their square to ask the uncomfortable question: what happens where my part meets yours, and which of us assumed the other had it covered?
That question is unglamorous. It produces no feature. It is exactly the work that gets skipped — until the seam gives way, and then everyone points, correctly, at a part that worked.
What this leaves you holding
You are inside more of these seams than you can count.
The bank trusts the merchant, the merchant trusts the payment processor, the processor trusts a library someone wrote for free — and your money rides across every handoff, none of which you can see. The strength of the whole thing isn’t the strength of any one company you’ve heard of. It’s the strength of the weakest assumption in the chain, sitting in a seam that belongs to no one.
That’s not a reason for fear. It’s a reason for a particular kind of humility. The next time something fails — a system, an organisation, a plan of your own — the instinct is to hunt for the broken part and the person who broke it. Sometimes that’s right. But often there was no broken part. There was a seam, and a quiet assumption on both sides that the other one was looking. The hardest gaps to see are the ones that aren’t anybody’s fault, because they were never anybody’s job.
03 · Lab · your turn
Find the Failure
Rehearse looking past the working parts to the unguarded seam between them, where the real failure hides.
04 · Hope · carry this
The same researchers who can find a flaw in the seam are the reason it gets fixed before anyone's harmed — and most of them do it quietly, for the good of a system they'll never be thanked for protecting.