Codecov has started notifying the maintainers of software repositories affected by the recent supply-chain attack. As of a few hours ago, impacted customers have started receiving email notifications asking them to log in to their Codecov account to see more details. The company has also disclosed multiple IP addresses as IOCs that were used by the threat actors to collect sensitive information (environment variables) from the affected customers. The attack went undetected for two months before being reported by BleepingComputer.
Source: https://www.bleepingcomputer.com/news/security/codecov-starts-notifying-customers-affected-by-supply-chain-attack/