
TanStack hit by network compromise

Incident
Happening score (H score): 21
1 unique source, 2 articles

Summary


TanStack was hit by a package compromise on May 11, 2026, when attackers published 84 malicious versions across **42 @tanstack/* packages** and abused the release path so downstream installs could run attacker code. The broader Mini Shai-Hulud campaign used those packages to target CI/CD environments and steal tokens, and later reporting linked Grafana Labs' GitHub breach and code theft to the same activity. Grafana said the attacker accessed its GitHub environment, downloaded its codebase, and took some internal operational information, while stating there is no indication customer production systems or the Grafana Cloud platform were compromised.

Related Happenings

Laravel Lang organization hit by network compromise

Incident
First: 23.05.2026 23:48 Last: 23.05.2026 23:48 Sources 1

About this happening: The **Laravel Lang organization** suffered a **repository compromise** that let attackers rewrite **GitHub tags** and ship malicious code through **Composer** installs. The affect...

Laravel Lang credential-stealer dropper delivered through malicious Composer packages

Malware Activity
First: 23.05.2026 23:48 Last: 23.05.2026 23:48 Sources 1

About this happening: A **malicious Composer payload** in **Laravel Lang** packages now threatens **Linux, macOS, and Windows** developers with credential theft. The injected `src/helpers.php` dropper...

Packagist package.json hook supply chain attack campaign

Campaign
First: 23.05.2026 19:07 Last: 23.05.2026 19:07 Sources 1

About this happening: A **coordinated supply chain attack campaign** compromised **eight Packagist packages**, creating repeat execution risk for projects that install the affected versions. The malici...

Laravel-Lang PHP package supply-chain credential-stealing campaign

Campaign
First: 23.05.2026 12:51 Last: 23.05.2026 12:51 Sources 1

About this happening: A **software supply-chain campaign** hit **multiple Laravel-Lang PHP packages**, putting consumers at risk of **credential theft** through tampered release tags. Malicious version...

Megalodon GitHub CI/CD supply-chain campaign

Campaign
First: 22.05.2026 14:55 Last: 22.05.2026 14:55 Sources 1

About this happening: The **Megalodon** campaign pushed **5,718 malicious commits** into **5,561 GitHub repositories** in about **six hours**, creating a broad **CI/CD secret-theft** risk across develo...

Timeline

  1. 21.05.2026 11:00 1 article · 6d ago

    Grafana Labs reports GitHub codebase theft after TanStack-linked compromise

    Victim Impact Update

    On May 17, 2026, Grafana Labs said an unauthorized attacker had downloaded its codebase after accessing the firm's GitHub environment, and the company later said additional internal operational information and business contact names and email addresses were taken from its GitHub repositories; Grafana Labs said there was no indication that customer production systems or the Grafana Cloud platform were compromised.

  2. 12.05.2026 17:45 2 articles · 15d ago

    TanStack hit by network compromise

    Initial Disclosure

    The initial compromise appeared on **May 11, 2026**, when malicious versions were published across **42 @tanstack/* packages** within minutes. Early evidence showed the release pipeline was abused to seed installer-executed payloads into downstream environments.
