HashiCorp is the latest victim of Codecov supply-chain attack

Open-source software tools and Vault maker HashiCorp disclosed a security incident yesterday that occurred due to the recent Codecov attack. HashiCorp, a Codecov customer, has stated that the recent Codecov supply-chain attack aimed at collecting developer credentials led to the exposure of HashiCorp’s GPG signing key. […] This post appeared first on Bleeping Computer
Author: Ax Sharma