Ars Technica

Backdoored developer tool that stole credentials escaped notice for 3 months

A publicly available software development tool contained malicious code that stole the authentication credentials that apps need to access sensitive resources. It’s the latest revelation of a supply ...
Bleeping Computer

Codecov starts notifying customers affected by supply-chain attack

As of a few hours ago, Codecov has started notifying the maintainers of software repositories affected by the recent supply-chain attack. These notifications, delivered via both email and the Codecov ...
LeMagIT

Codecov : une attaque sur la chaîne logistique qui rappelle SolarWinds

Certaines des plus grandes entreprises IT dans le monde enquêtent sur de potentielles compromissions de leurs systèmes. Leur point commun : elles utilisent les services de Codecov, un spécialiste de ...
Bleeping Computer

Rapid7 source code, credentials accessed in Codecov supply-chain attack

US cybersecurity firm Rapid7 has disclosed that some source code repositories were accessed in a security incident linked to the supply-chain attack that recently impacted customers of the popular ...