Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

May 20, 2026
No Comments

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised.

It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private source code along with internal GitHub repositories.

“After the initial assessment, we found that in addition to source

Leave a Reply Cancel reply

Exploited Faster, Patched Slower: Verizon DBIR 2026 Shows Security Teams Losing Ground May 20, 2026
The Verizon 2026 Data Breach Investigations Report (DBIR) reveals a threat environment moving much faster than many organizations can reasonably protect themselves against. Based on information collected from more than 31,000 security incidents and over 22,000 confirmed data breaches spanning 145 different countries, the DBIR reveals a changing face to how attackers get in, how fast vulnerabilities are exploited, […]
Kirsten Doyle
How EM is boosting the career trajectory of VM analysts May 19, 2026
As organizations shift from vulnerability management (VM) to exposure management (EM), the role of the VM analyst must evolve or become outmoded. This necessary transition forces analysts to move beyond the job description of scanning and patching and into more strategic, business-aligned roles. AI has necessitated this change in many areas of security, from SOCs to CISOs, […]
Katrina Thompson
NCSC warns organisations not to rush into agentic AI May 19, 2026
UK’s National Cyber Security Centre (NCSC) has advised businesses to proceed with caution when considering the implementation of agent-based AI, suggesting that agentic AI represents an entirely different kind of security problem compared to generative AI. According to a recent blog post and global guidance, produced in cooperation with authorities in the US, Australia, Canada, and New Zealand, NCSC advised organisations to “learn to […]
Kirsten Doyle
7-Eleven Notifies Franchise Applicants After Breach Exposes Personal Data May 19, 2026
A security breach notification process has been initiated by 7-Eleven as a result of a security incident where an outside party was able to gain access to their systems containing franchisers’ information. According to a breach notification filed with the state of Maine, the company discovered that threat actors accessed some of its internal systems on 8 April 2026. The company claims that […]
Kirsten Doyle
OpenAI rotates certificates after TanStack supply chain attack hits employee devices May 18, 2026
OpenAI has confirmed that two employee devices were compromised in the recent TanStack npm supply chain attack, prompting the company to rotate code-signing certificates and require macOS users to update their applications by 12 June. In a security advisory published this week, the company said it found no evidence that customer data, production systems, or intellectual property were accessed […]
Kirsten Doyle
Microsoft discloses Exchange zero-day with no patch yet available May 18, 2026
Microsoft has disclosed a zero-day vulnerability that affects Exchange Server 2016, 2019, and Subscription Edition. This vulnerability would give bad actors an opportunity to run arbitrary code remotely on the Exchange server. Although Microsoft has not issued any patches for this security vulnerability, they suggested two possible mitigations until a solution becomes available. According to Microsoft, one preferred mitigation strategy is […]
Kirsten Doyle
Beyond deepfakes: Building identity resilience against AI impersonation May 15, 2026
Generative AI is changing the economics of identity fraud. Voice cloning, real-time face animation, synthetic documents, and AI-assisted social engineering are making it easier for attackers to impersonate legitimate users across service desks, onboarding workflows, and remote account recovery. The real question is no longer just whether a user’s identity can be verified, but whether […]
Rohan Pinto
Cyberattack on West Pharmaceutical halts manufacturing across multiple sites May 15, 2026
West Pharmaceutical Services has disclosed a ransomware attack that disrupted manufacturing, shipping, and receiving operations across multiple global facilities after bad actors breached the company’s network on 4 May. The pharmaceutical packaging manufacturer said attackers exfiltrated data and encrypted systems, forcing the company to proactively shut down portions of its infrastructure to contain the incident. “We continue to make good progress in the restoration of our systems. Our […]
Kirsten Doyle
Tenable warns AI adoption is outpacing governance as cloud exposure risks surge May 15, 2026
A new report from Tenable is warning that organizations are creating what it describes as a growing “AI exposure gap,” as enterprises race to deploy AI tools and cloud-native services faster than security and governance teams can keep up. The “Cloud and AI Security Risk Report 2026” examined telemetry data gathered from public cloud and enterprise ecosystems from […]
Kirsten Doyle
What to do when your AI’s guardrails fail May 14, 2026
I want to talk about the Microsoft 365 Copilot bug. Not because it was exceptional, but because what it exposed should change how every organization architects AI governance. For weeks at the beginning of the year, Microsoft 365 Copilot read and summarized confidential emails despite sensitivity labels and Data Loss Prevention policies being correctly configured […]
Tim Freestone

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit

Leave a Reply Cancel reply

[email protected]

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Grafana GitHub Breach Exposes Source Code via TanStack npm Attack

Share :

Leave a Reply Cancel reply