Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated. The post Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack appeared first on SecurityWeek.
Grafana this week revealed that the unauthorized access to the Grafana Labs GitHub repositories disclosed earlier this month was the result of the TanStack supply chain attack.
On May 11, TanStack and other high-profile NPM and PyPI projects were hit by a Mini Shai-Hulud supply chain attack that resulted in self-propagating information-stealing malware being deployed on victims’ computers.
Grafana says it detected malicious activity associated with the attack on May 11 and immediately rotated GitHub workflow tokens.
Related breach coverage
- OpenAI Hit by TanStack Supply Chain Attack2026-05-15
Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories. The post OpenAI Hit by TanStack Supply Chain Attack appeared first on SecurityWeek.
- Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack2026-05-20
A compromised maintainer account was used to publish malicious package versions across the @antv namespace. The post Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack appeared first on SecurityWeek.
- GitHub Confirms Hack Impacting 3,800 Internal Repositories2026-05-20
The TeamPCP hacking group accessed the repositories after a GitHub employee installed a poisoned VS Code extension. The post GitHub Confirms Hack Impacting 3,800 Internal Repositories appeared first on SecurityWeek.
- Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility2026-05-21
New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking. The post Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility appeared first on SecurityWeek.