ZDNet

Codecov to retire the Bash script responsible for supply chain attack wave

Codecov has introduced a new uploader that relies on NodeJS to replace and remove a Bash script responsible for a recent supply chain attack. The San Francisco-based DevOps tool provider said in a ...
Bleeping Computer

Codecov ditches Bash Uploader for a NodeJS executable

Software testing and code coverage company, Codecov has now introduced a cross-platform uploader meant to replace its former Bash Uploader. This new uploader is available as a static binary executable ...
Bleeping Computer

Codecov starts notifying customers affected by supply-chain attack

As of a few hours ago, Codecov has started notifying the maintainers of software repositories affected by the recent supply-chain attack. These notifications, delivered via both email and the Codecov ...
Gizmodo

U.S. Federal Investigators Are Reportedly Looking Into Codecov Security Breach, Undetected for Months

U.S. federal investigators are purportedly looking into a security breach at Codecov, a platform used to test software code with more 29,000 customers worldwide, Reuters reported on Saturday. The ...
Homeland Security Today

Codecov Releases New Detections for Supply Chain Compromise

CISA is aware of a compromise of the Codecov software supply chain in which a malicious threat actor made unauthorized alterations of Codecov’s Bash Uploader script, beginning on January 31, 2021.