Storia in 5 fonti

Grafana breach caused by missed token rotation after TanStack attack

The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week.

Raccontata da

lunedì 18 maggio 2026·siliconrepublic.com
Hackers access GitHub, download codebase in Grafana Labs breach
The recent Grafana labs hack has been confirmed by the organisation, with the company refusing to comply with ransom demands.
lunedì 18 maggio 2026·bleepingcomputer.com
Grafana says stolen GitHub token let hackers steal codebase
Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token.

lunedì 18 maggio 2026·

theregister.com

TanStack weighs invitation-only pull requests after supply chain attack

Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on unsolicited contributions

mercoledì 20 maggio 2026·

thehackernews.com

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Grafana GitHub breach stemmed from TanStack npm attack; missed token exposed repos, not customer production systems.

mercoledì 20 maggio 2026·

dev.to

Grafana’s GitHub Token Incident: 5 Steps DevOps Teams Can Take to Recover Faster

If the recent Grafana Labs GitHub token incident caught your attention, it should. A compromised...

mercoledì 20 maggio 2026·

bleepingcomputer.com