MEDIUMSupply Chain
Global

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

·Source: The Hacker News

Updated:

Executive Summary

Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along with internal GitHub repositories. "After the initial assessment, we found that in addition to source

Analysis

Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along with internal GitHub repositories. "After the initial assessment, we found that in addition to source
Source Attribution

Originally published by The Hacker News on May 20, 2026.

Related Threats

LOWSupply Chain

Why some security fixes never reach your vulnerability dashboard

On April 22, for roughly 90 minutes, a malicious version of Bitwarden CLI appeared on npm. Version 2026.4.0 contained a credential-stealing payload that executed an obfuscated loader and harvested AWS, Azure, GCP, GitHub, and npm tokens from any developer machine that ran npm install . The attackers reached Bitwarden’s npm publishing path through a compromised GitHub Action related to the Checkmar

CVE-2026-42994CVE-2020-10148
CSO Online
MEDIUMSupply Chain

The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised

A day after the AntV npm supply chain attack, the same campaign appears to have struck `durabletask`, a Microsoft-associated Python package on PyPI. Snyk has coverage in the vulnerability database and package health pages. Here's what we know.

Snyk
CRITICALSupply Chain

Contractor’s public GitHub account exposed GovCloud and CISA credentials

Until a few days ago, a publicly-accessible GitHub repository exposed credentials for both US government AWS accounts and internal Cybersecurity and Infrastructure Security Agency (CISA) systems. That’s according to cybersecurity reporter Brian Krebs, who first broke the news over the weekend , acting on a tip from researcher Guillaume Valadon at GitGuardian. Valadon confirmed the information in a

CSO Online