Mistral AI A.I CyberSecurity Scoring
Mistral AI
Company Information
Website: https://mistral.ai
Employees number: 1,079
Number of followers: 642,576
NAICS: 513
Industry Type: Technology, Information and Internet
Homepage: mistral.ai
Mistral AI Risk Score (AI oriented)
Between 650 and 699
Mistral AI (Technology, Information and Internet)
Updated: 15/05/2026
661/1000, Weak, B
3 incidents, -58.33 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026: 612
MAY 2026: 661
Breach
17 May 2026 • Mistral AI
Grafana: Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
Grafana GitHub Breach After Extortion Attempt by CoinbaseCartel
609
MEDIUM-52
GRA1779006227
Grafana Discloses GitHub Breach After Extortion Attempt by CoinbaseCartel
Grafana recently revealed that an unauthorized party gained access to its GitHub environment using a compromised token, allowing the attacker to download the company’s codebase. The incident, discovered "recently," did not expose customer data or disrupt operations, according to Grafana’s statement on X. The company swiftly invalidated the compromised credentials, conducted a forensic investigation, and implemented additional security measures to prevent further unauthorized access.
The attacker attempted to extort Grafana, demanding payment to prevent the stolen data from being published. Grafana refused, citing FBI guidance against ransom payments, which warns that such transactions fail to guarantee data recovery and embolden cybercriminals. The breach has not been linked to a specific threat actor, though reports from Hackmanac and Ransomware.live attribute the attack to CoinbaseCartel, a data extortion group that emerged in September 2025.
CoinbaseCartel, assessed as an offshoot of ShinyHunters, Scattered Spider, and LAPSUS$, specializes in data theft and extortion rather than traditional ransomware. The group has targeted 170 victims across sectors including healthcare, technology, and manufacturing. While Grafana has not disclosed which codebase was accessed, its portfolio includes solutions like Grafana Cloud, a managed observability platform.
The incident follows a recent controversial decision by Instructure, an edtech firm, to pay ShinyHunters after the group threatened to leak terabytes of data from U.S. schools and universities. Grafana has not provided further details on the timeline of the breach or the attacker’s access duration.
MAY 2026: 714
Breach
12 May 2026 • Mistral AI
Guardrails AI, TanStack, OpenSearch, React Router, Mistral AI and UiPath: 84 npm Packages Linked to TanStack Hit by Supply-Chain Breach
Massive Supply Chain Breach Hits 84 npm Packages in TanStack Ecosystem
661
CRITICAL-53
MISUIPOPETANGUA1778567093
A sophisticated supply chain attack compromised 84 npm packages within the widely used TanStack ecosystem, including high-profile libraries like React Router (12M+ weekly downloads). The breach, part of the Mini Shai-Hulud malware campaign, targeted continuous integration (CI) environments such as GitHub Actions, injecting a credential-stealing tool designed to evade detection.
Security firm Socket detected the malicious packages within six minutes of publication using an AI-powered scanner. The attack extended beyond npm, infecting Python packages like OpenSearch, Mistral AI, Guardrails AI, and UiPath. A message left by the attackers, signed TeamPCP, confirmed they had been exfiltrating developer credentials for hours during the investigation.
### Attack Mechanics
The malware, embedded in an obfuscated script (`router_init.js`), acted as a self-propagating worm. Key tactics included:
- Stealth Execution: Detached from terminal sessions, running silently in the background.
- Credential Harvesting: Targeted GitHub Actions tokens, AWS metadata, Kubernetes certificates, and HashiCorp Vault clusters.
- Persistence: Hid copies in VS Code and Claude AI config directories, ensuring reinfection on workspace reopening.
- Exfiltration: Used the Session peer-to-peer network to blend stolen data with encrypted messaging traffic.
The attack leveraged a malicious `optionalDependencies` block in `package.json`, pointing to a compromised GitHub commit. During `npm install`, a `prepare` lifecycle hook executed `tanstack_runner.js`, triggering the payload.
### Chained GitHub Actions Exploit
TanStack’s postmortem revealed the breach stemmed from a chained attack on their GitHub Actions pipeline. Attackers exploited a vulnerable pull request target pattern, poisoning the workflow cache to execute malicious code. Instead of stealing static npm tokens, they extracted runtime OpenID Connect tokens from runner memory, enabling legitimate authentication to push compromised updates.
### Response & Indicators of Compromise (IOCs)
TanStack deprecated affected versions, purged workflow caches, and implemented stricter repository protections. Key IOCs include:
- Malicious Files:
  - `router_init.js` (SHA256: `ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c`)
  - `tanstack_runner.js` (SHA256: `2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96`)
- Network Targets:
  - `hxxp://filev2[.]getsession[.]org/file/` (Session P2P exfiltration)
  - AWS metadata endpoints (`169.254.169.254`, `169.254.170.2`)
  - GitHub API (`api.github.com/repos/`) and npm token validation endpoints.
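An added example (not from the original page, TanStack, or Socket): a Node.js triage helper that flags the two manifest features described under Attack Mechanics, namely dependencies resolved from a git source and lifecycle hooks that run automatically on install, and checks file content against the two SHA256 values listed above. The sample manifest, its package names, and the commit ref are constructed.

```javascript
const crypto = require("crypto");

// SHA256 values copied from the IOC list above.
const IOC_SHA256 = new Map([
  ["ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c", "router_init.js"],
  ["2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96", "tanstack_runner.js"],
]);

// Lifecycle hooks that npm runs automatically during `npm install`.
// `prepare` also runs when a dependency is fetched from a git source.
const AUTO_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// A dependency spec that resolves to a repository or URL instead of a registry version:
// git URLs, "github:" shorthand, plain http(s) URLs, and "owner/repo#ref" shorthand.
const GIT_SPEC = /^(git(\+(https?|ssh|file))?:|github:|https?:\/\/|[\w.-]+\/[\w.-]+(#.+)?$)/i;

// Return the IOC file name if the content hash matches a listed value, else null.
function matchIoc(content) {
  const digest = crypto.createHash("sha256").update(content).digest("hex");
  return IOC_SHA256.get(digest) || null;
}

// Inspect one parsed package.json and return a list of findings for review.
function auditManifest(pkg) {
  const findings = [];
  for (const field of ["dependencies", "optionalDependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (GIT_SPEC.test(spec)) findings.push({ kind: "git-dependency", field, name, spec });
    }
  }
  for (const hook of AUTO_HOOKS) {
    const cmd = (pkg.scripts || {})[hook];
    if (cmd) findings.push({ kind: "lifecycle-hook", hook, cmd });
  }
  return findings;
}

// Constructed sample manifest (package names and commit ref are made up).
const SAMPLE = {
  name: "example-app",
  dependencies: { "left-pad": "^1.3.0" },
  optionalDependencies: { "example-helper": "github:example-org/example-helper#0123abc" },
  scripts: { prepare: "node tanstack_runner.js", test: "node test.js" },
};

console.log(JSON.stringify(auditManifest(SAMPLE), null, 2));
```

A finding is a prompt for review, not a verdict: git-sourced dependencies and `prepare` scripts also occur in legitimate projects.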
MAY 2026: 784
Breach
01 May 2026 • Mistral AI
Mistral AI: Hackers threaten to leak Mistral files online — AI giant confirms breach, but not what data is involved
Mistral AI Suffers Data Breach: 450 Repositories Stolen and Auctioned on Dark Web
714
CRITICAL-70
MIS1778869722
The hacking group TeamPCP has stolen 450 internal repositories totaling 5GB of source code from Mistral AI, a leading AI development company. The stolen data, which includes code used for training, fine-tuning, benchmarking, and model delivery, is now being auctioned on the dark web for $25,000.
TeamPCP, which previously executed a supply chain attack called Mini Shai-Hulud against the TanStack npm package (a widely used UI toolkit with 177 million weekly downloads), distributed infostealer malware to harvest developer credentials, cloud secrets, and SSH keys. The group claims the stolen Mistral AI data contains experimental and future project materials and has warned that if no buyer emerges within a week, they will leak the entire dataset for free.
Mistral AI confirmed the breach, stating that attackers compromised a codebase management system and briefly contaminated some SDK packages. However, the company emphasized that core systems, hosted services, user data, and research environments remained unaffected.
The auction is exclusive to a single buyer, with TeamPCP even inviting Mistral AI to purchase the data back. The group has indicated that the $25,000 price is negotiable. The incident highlights ongoing risks in AI development supply chains and the potential exposure of proprietary model training materials.
APRIL 2026: 784
MARCH 2026: 784
FEBRUARY 2026: 784
JANUARY 2026: 784
DECEMBER 2025: 784
NOVEMBER 2025: 784
OCTOBER 2025: 784
SEPTEMBER 2025: 784
AUGUST 2025: 784
JULY 2025: 784