Bleeping Computer

Codecov starts notifying customers affected by supply-chain attack

As of a few hours ago, Codecov has started notifying the maintainers of software repositories affected by the recent supply-chain attack. These notifications, delivered via both email and the Codecov ...
Bleeping Computer

Rapid7 source code, credentials accessed in Codecov supply-chain attack

US cybersecurity firm Rapid7 has disclosed that some source code repositories were accessed in a security incident linked to the supply-chain attack that recently impacted customers of the popular ...
Dark Reading

Attackers Compromised Code-Checking Vendor's Tool for Two Months

In a software supply-chain attack reminiscent of the SolarWinds compromise, unknown attackers used a vulnerable tool published by code checking firm Codecov for a little over two months to collect ...