A software supply chain attack against the Codecov Bash Uploader went undetected for four months and now security teams are scrambling to figure out which sensitive secrets were stolen.
— Read on www.securityweek.com/codecov-bash-uploader-dev-tool-compromised-supply-chain-hack