HashiCorp reveals exposure of private code-signing key after Codecov compromise

Among the first of many? Software tools biz reports internal use of credential-stealing script
HashiCorp, an open-source company whose Terraform product is widely used for automated cloud deployments, has revealed a private code-signing key was exposed thanks to the compromised Codecov script discovered earlier this month.…