Rapid7 Source Code Breached in Codecov Supply-Chain Attack

From thehackernews.com

Cybersecurity company Rapid7 on Thursday revealed that unidentified actors improperly gained access to a small portion of its source code repositories in the aftermath of the software supply chain compromise targeting Codecov earlier this year.

“A small subset of our source code repositories for internal tooling for our [Managed Detection and Response] service was accessed by an unauthorized party outside of Rapid7,” the Boston-based firm said in a disclosure. “These repositories contained some internal credentials, which have all been rotated, and alert-related data for a subset of our MDR customers.”
