Important PSA - Codecov.IO Bash Uploader Security Update
nullnothere
OG
in General
There has been a fairly serious backdoor implanted resulting in credential leakage.
If you use/have used their tool, please be sure to revoke/rotate your (relevant, affected) credentials immediately.
More information:
https://about.codecov.io/security-update/
Ars Technica has coverage here: https://arstechnica.com/gadgets/2021/04/backdoored-developer-tool-that-stole-credentials-escaped-notice-for-3-months/
Tagged: