From bleepingcomputer.com
As of a few hours ago, Codecov has started notifying the maintainers of software repositories affected by the recent supply-chain attack.
These notifications, delivered via both email and the Codecov application interface, state that the company believes the affected repositories were downloaded by threat actors.
The original security advisory posted by Codecov lacked any Indicators of Compromise (IOCs) due to a pending investigation.