Grafana Confirms TanStack npm Supply Chain Ransom Incident Hit GitHub Environment
ID: 92a0b3c4-a0e9-5c05-93d5-303d427ef18c
STIX ID: report--92a0b3c4-a0e9-5c05-93d5-303d427ef18c
Feed Name: Cyber Press
Threat Score
Grafana Labs published a post-incident review of a May 2026 TanStack npm supply-chain ransom attack in which actors exploiting a self-hosted GitHub Actions runner and an overlooked credential exfiltrated repository contents and issued a ransom demand; Grafana engaged Mandiant for a forensic review, declared the compromise contained to its GitHub environment, found no evidence of customer data compromise or code tampering, and performed extensive remediation and security changes.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
