Armed with stolen developer passcodes, attackers have checked in changes to repositories under the automation feature’s name in an attempt to escape notice.
Source: htdarkreading.com