VMTech
VMTECH · INSTAGRAM

Grafana: Source-code leak via attack on TanStack npm package — a supply-chain lesson

Colleagues, a cybersecurity alert: Grafana Labs confirmed that source code and internal repositories were exposed following an attack via the TanStack npm package.

- The company said the compromise was confined to its GitHub environment: public and private code, active repositories and business contacts were accessed.
- The attack is linked to the TeamPCP campaign; activity was observed on 11 May and a ransom demand was made on 16 May; no payment was made.
- The root cause was a leaked GitHub workflow token. Tokens were rotated, monitoring was strengthened and commits were audited.

Why it matters: the incident underlines supply-chain risk and CI/CD automation vulnerabilities.

How do you protect CI/CD and secrets?

#cybersecurity #supplychain #DevOps #GitHub
