HashiCorp has disclosed a security incident that occurred due to the recent Codecov attack. Codecov provides software testing and code coverage services to over 29,000 customers. The company states that as a result of this, the GPG key used by the company to sign and verify software releases was exposed. A new GPG private key has been published that is to be used from now on: C874 011F 0AB4 0511 0D02 1055 3436 5D94 72D7 468F.
Source: https://www.bleepingcomputer.com/news/security/hashicorp-is-the-latest-victim-of-codecov-supply-chain-attack/