DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee’s laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company’s systems and data last month.
The CI/CD service CircleCI said the “sophisticated attack” took place on December 16, 2022, and that the malware went undetected by its antivirus