Another significant software supply chain hack: Codecov Bash Uploader breach went undetected for four months as attackers stole credentials, tokens and keys from orgs around the world
@ryanaraine
"The actor gained access because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script"
What's the translation of this statement? "We leaked credentials in published code"
?