CoinbaseCartel escalates extortion activity with more than 100 victims
Threat Actor Meta
Summary
Hide ▲
Show ▼
CoinbaseCartel has expanded its extortion operation, publicly listing more than 100 victims on a data leak portal. The growth signals a more scalable criminal ecosystem and raises pressure on additional targets.
Related Happenings
Grafana Labs Says GitHub hit by cyberattack
Incident
First: 17.05.2026 10:13
Last: 17.05.2026 10:13
Sources 1
How related:
Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token.
About this happening:
A **Grafana Labs** incident was later tied to the **Mini Shai-Hulud** supply-chain campaign against **TanStack npm packages**. Grafana said an unauthorized party used a token to a...
Grafana Labs Says GitHub hit by cyberattack
IncidentHow related: Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token.
About this happening: A **Grafana Labs** incident was later tied to the **Mini Shai-Hulud** supply-chain campaign against **TanStack npm packages**. Grafana said an unauthorized party used a token to a...
DoJ/FBI/USSS crypto-fraud domain seizure and charges
Law Enforcement
First: 27.04.2026 18:00
Last: 27.04.2026 18:00
Sources 1
About this happening:
**DoJ**, **FBI**, and **US Secret Service** investigators **seized 503 domains** linked to **fraudulent crypto platforms**, disrupting infrastructure used in a Cambodia-based scam...
DoJ/FBI/USSS crypto-fraud domain seizure and charges
Law EnforcementAbout this happening: **DoJ**, **FBI**, and **US Secret Service** investigators **seized 503 domains** linked to **fraudulent crypto platforms**, disrupting infrastructure used in a Cambodia-based scam...
Grafana AI image-renderer prompt injection patch (GrafanaGhost)
Security Patch Release
First: 07.04.2026 22:52
Last: 07.04.2026 22:52
Sources 1
About this happening:
**Grafana** has **patched** the **GrafanaGhost** flaw in its **image renderer** and **Markdown component**, closing an AI prompt-injection path that could have exposed **sensitive...
Grafana AI image-renderer prompt injection patch (GrafanaGhost)
Security Patch ReleaseAbout this happening: **Grafana** has **patched** the **GrafanaGhost** flaw in its **image renderer** and **Markdown component**, closing an AI prompt-injection path that could have exposed **sensitive...
Grafana indirect prompt injection GrafanaGhost security flaw
Vulnerability
First: 07.04.2026 22:52
Last: 07.04.2026 22:52
Sources 1
About this happening:
**Grafana**'s **AI components** had an **indirect prompt injection** flaw, **GrafanaGhost**, that could let attackers **exfiltrate sensitive data** from user-visible content and s...
Grafana indirect prompt injection GrafanaGhost security flaw
VulnerabilityAbout this happening: **Grafana**'s **AI components** had an **indirect prompt injection** flaw, **GrafanaGhost**, that could let attackers **exfiltrate sensitive data** from user-visible content and s...
ShinyHunters data-theft extortion campaign targeting Salesforce customers
Campaign
First: 07.04.2026 22:39
Last: 07.04.2026 22:39
Sources 1
About this happening:
The **ShinyHunters** extortion campaign is actively pressuring **numerous companies** with ransom demands tied to **stolen data**, increasing exposure for **Salesforce customers**...
ShinyHunters data-theft extortion campaign targeting Salesforce customers
CampaignAbout this happening: The **ShinyHunters** extortion campaign is actively pressuring **numerous companies** with ransom demands tied to **stolen data**, increasing exposure for **Salesforce customers**...
Latest development: 11.05.2026 12:00
ShinyHunters' pay-or-leak campaign exposed data from Zara customers, with HaveIBeenPwned citing over 197,000 affected customers after an April 2026 incident that involved stolen Anodot authentication tokens reaching BigQuery and Snowflake, and the same operation later targeted Instructure's Canvas Learning Management System in late April 2026, affecting 8,809 users across 50 countries and aligning with other victims such as Vimeo, Rockstar Games and McGraw Hill.
Timeline
-
18.05.2026 16:46 2 articles · 9d ago
CoinbaseCartel broadens leak-site extortion
Campaign Scope UpdateCoinbaseCartel is described as a relatively new extortion gang that has been active this year and has announced more than 100 victims on its data leak portal, using the DLS to pressure victims into paying a ransom. The group also says it is behind on many leaks, suggesting additional breaches may still be emerging.
Show sources
- Grafana says stolen GitHub token let hackers steal codebase — www.bleepingcomputer.com — 18.05.2026 16:46
- Grafana says stolen GitHub token let hackers steal codebase — www.bleepingcomputer.com — 18.05.2026 16:46