logo

Grafana Confirms TanStack npm Supply Chain Ransom Incident Hit GitHub Environment

ID: 92a0b3c4-a0e9-5c05-93d5-303d427ef18c

STIX ID: report--92a0b3c4-a0e9-5c05-93d5-303d427ef18c

Feed Name: Cyber Press

Threat Score
70/100

Date Published: 2026-06-24

Date Updated: 2026-06-24

Author: Lucas Martin

...
...

Grafana Labs published a post-incident review of a May 2026 TanStack npm supply-chain ransom attack in which actors exploiting a self-hosted GitHub Actions runner and an overlooked credential exfiltrated repository contents and issued a ransom demand; Grafana engaged Mandiant for a forensic review, declared the compromise contained to its GitHub environment, found no evidence of customer data compromise or code tampering, and performed extensive remediation and security changes.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.