> TritonInfoSec News
Home / May 21, 2026 / Story
0
#8 BleepingComputer general May 20, 2026 at 15:46 UTC

Grafana breach caused by missed token rotation after TanStack attack

By Bill Toulas

AI Summary

Grafana's data breach was traced to a single GitHub workflow token that was missed during credential rotation following the TanStack npm supply-chain attack. The breach was limited to Grafana Labs' GitHub environment, exposing public and private source code and internal repositories, with no customer production systems affected. The incident illustrates how a single unrotated token in CI/CD pipelines can cascade into a significant source code exposure event.

Read full article → https://www.bleepingcomputer.com/news/security/gra…

Relevance score: 78.0/100

# More from May 21

  1. 1
    GitHub confirms breach of 3,800 repos via malicious VSCode extension BleepingComputer
  2. 2
    Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks The Hacker News
  3. 3
    Microsoft disrupts Fox Tempest malware-signing-as-a-service platform tied to ransomware gangs The Record
  4. 4
    Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit The Hacker News
  5. 5
    CISA Exposes Secrets, Credentials in 'Private' Repo Dark Reading
  6. 6
    Attackers hit vulnerabilities hard last year, making exploits the top entry point for breaches CyberScoop
  7. 7
    7-Eleven confirms data breach claimed by the ShinyHunters gang BleepingComputer
  8. 9
    Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack SecurityWeek
  9. 10
    Microsoft Self-Service Password Reset abused in Azure data theft attacks BleepingComputer