Novee Uncovers Exploitable CI/CD Vulnerabilities in Major Open-Source Repositories
- Vulnerability Overview: Security firm Novee has revealed a new class of CI/CD vulnerabilities called 'Cordyceps', which exposed 300 fully exploitable attack chains across 30,000 open-source repositories, impacting major software companies like Microsoft and Google.
- Attack Path: The attack chain typically begins with a pull request from an outsider. The pull request activates a low-privilege workflow that treats external input as trusted data, which leads to a high-privilege workflow that may hold cloud provider authentication tokens. From there, attackers can steal non-expiring tokens or permanently compromise repositories.
- Major Affected Companies: Novee identified serious vulnerabilities in Microsoft’s Azure Sentinel, Google’s AI Agent Development Kit, Apache’s Doris database, Cloudflare’s Workers SDK, and the Python Software Foundation’s Black code formatter, potentially allowing attackers to gain high-level access.
- Security Recommendations: Researchers advise CISOs to treat CI/CD workflow files as security-critical code to prevent future attacks. These vulnerabilities have been patched, but AI coding assistants may continue to reproduce similar issues across millions of repositories.
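One way to review workflow files as security-critical code is to lint them for external input expanded inside scripts. The sketch below is an added example, not Novee's tooling or code from any affected project. It assumes GitHub Actions workflow syntax (the page does not name the CI system), and the `audit_workflow` helper, its list of untrusted context values and the sample workflows are all constructed for illustration.

```python
import re

# Assumed, non-exhaustive list of context values an outside contributor controls.
UNTRUSTED = re.compile(
    r"\$\{\{[^}]*\b(github\.head_ref|github\.event\.(?:pull_request\.(?:title|body|head\.ref)"
    r"|issue\.(?:title|body)|comment\.body|workflow_run\.head_branch))\b[^}]*\}\}")
# Triggers that run with the base repository's token and secrets.
PRIVILEGED = re.compile(
    r"^\s*(?:on\s*:\s*\[?[^#\n]*)?\b(pull_request_target|workflow_run)\b\s*(?::|,|\]|$)", re.M)
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run\s*:(.*)$")


def audit_workflow(text):
    """Return [(line_no, severity, expression)] for untrusted values expanded in run: scripts."""
    severity = "high" if PRIVILEGED.search(text) else "medium"
    findings, block_indent = [], None
    for no, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        m = RUN_KEY.match(line)
        if m:
            block_indent, script = len(m.group(1)), m.group(2)  # column of the run key
        elif block_indent is not None and (not line.strip() or indent > block_indent):
            script = line  # continuation line of a multi-line script
        else:
            block_indent, script = None, ""  # outside any run: block (env:, with:, ...)
        findings += [(no, severity, h.group(1)) for h in UNTRUSTED.finditer(script)]
    return findings

# Constructed sample workflows (not taken from any affected repository).
HEADER = """\
on:
  pull_request_target:
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
"""
VULNERABLE = HEADER + """\
      - run: |
          echo "PR: ${{ github.event.pull_request.title }}"
"""
HARDENED = HEADER + """\
      - env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "PR: $PR_TITLE"
"""

if __name__ == "__main__":
    print(audit_workflow(VULNERABLE), audit_workflow(HARDENED))
```

The hardened form passes the same value through an environment variable, so the shell receives it as data rather than as part of the script text.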