> TritonInfoSec News
Home / May 24, 2026 / Story
0
#4 SecurityWeek general May 22, 2026 at 07:49 UTC

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

By Ionut Arghire

AI Summary

Grafana disclosed that its codebase and other internal data were stolen after attackers leveraged a GitHub access token compromised in the TanStack supply chain attack that was never rotated. The incident illustrates cascading third-party supply chain risk: a token stolen upstream gave attackers direct access to Grafana's repositories. Security teams should audit and rotate all tokens associated with compromised upstream dependencies.

Read full article → https://www.securityweek.com/grafana-says-codebase…

Relevance score: 84.0/100

# More from May 24

  1. 1
    LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root The Hacker News
  2. 2
    Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV The Hacker News
  3. 3
    A hacker group is poisoning open source code at an unprecedented scale Ars Technica Security
  4. 5
    ‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested SecurityWeek
  5. 6
    US and Canada arrest and charge suspected Kimwolf botnet admin BleepingComputer
  6. 7
    CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV The Hacker News
  7. 8
    CISA Security Leak Schneier on Security
  8. 9
    FBI warns about fast-growing phishing kit targeting Microsoft 365 users CyberScoop
  9. 10
    China's Webworm Uses Discord, Microsoft Graphs to Hack EU Govts. Dark Reading