Codecov starts notifying customers affected by supply-chain attack

Ax Sharma reports:

As of a few hours ago, Codecov has started notifying the maintainers of software repositories affected by the recent supply-chain attack.

These notifications, delivered via both email and the Codecov application interface, state that the company believes the affected repositories were downloaded by threat actors.

The original security advisory posted by Codecov lacked any Indicators of Compromise (IOCs) due to a pending investigation.

Read more on BleepingComputer.

About the author: Dissent

Comments are closed.