A zero-day in the Microsoft Common Log File System that has been abused by the operator of the Nokoyawa ransomware is among 97 vulnerabilities fixed in April’s Patch Tuesday update.
HashiCorp is the latest victim of Codecov supply-chain attack
By
02:16 AM
Open-source software tools and Vault maker HashiCorp has disclosed a security incident that occurred due to the recent Codecov attack.
HashiCorp, a Codecov customer, has stated that the recent Codecov supply-chain attack aimed at collecting developer credentials led to the exposure of HashiCorp s GPG signing key.
The private key is used by HashiCorp to sign and verify software releases, and has since been rotated as a precaution.
HashiCorp discloses code-signing key compromise
This week, HashiCorp, a notable open-source software tools and infrastructure provider, disclosed that the recent Codecov supply-chain attack had impacted a subset of their Continuous Integration (CI) pipelines.