Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Grafana Labs source code leak and extortion demand

Data Leak
First reported
Last updated
Happening score
H score 24
2 unique sources, 2 articles

Summary

Hide ▲

The Grafana Labs codebase was downloaded from its GitHub environment, creating a risk that proprietary source code could be released or misused. The company said no customer data or personal information was accessed, and it found no impact to customer systems or operations. The threat actors then demanded payment to stop release of the codebase. Grafana Labs said it invalidated the compromised credentials and would not pay the ransom.

Related Happenings

GitHub data exposed after GitHub breach

Data Leak
First: 20.05.2026 11:14 Last: 20.05.2026 11:14 Sources 1

About this happening: GitHub confirmed **exfiltration** of **internal repositories**, making private code and related content potentially available to outsiders. Attackers on the **Breached cybercrime...

Open Happening

GitHub internal repositories private-code leak claim

Data Leak
First: 20.05.2026 08:08 Last: 20.05.2026 08:08 Sources 1

About this happening: GitHub is facing a claimed leak of **internal repositories** after **TeamPCP** said it had access to about **4,000 private-code repos** and tried to sell samples. The alleged expo...

Latest development: 21.05.2026 17:45

A malicious version of Nx Console 18.95.0 was uploaded to Visual Studio Marketplace and Open VSX on May 18, fetched an obfuscated payload, and harvested secrets from ~/.vault-token, /etc/vault/token, .npmrc, ghp_/gho_/ghs_ tokens, AWS metadata, and other local sources; GitHub said the poisoned VS Code extension led to unauthorized access to about 3800 internal repositories.

Open Happening

Grafana Labs Says GitHub hit by cyberattack

Incident
First: 17.05.2026 10:13 Last: 17.05.2026 10:13 Sources 1

How related: It said in a series of posts on X (formerly Twitter) that an “unauthorized party” managed to obtain a token, giving them access to the firm’s GitHub environment and enabling them to download its source code.

About this happening: A **Grafana Labs** incident was later tied to the **Mini Shai-Hulud** supply-chain campaign against **TanStack npm packages**. Grafana said an unauthorized party used a token to a...

Open Happening

Mistral AI hit by network compromise

Incident
First: 15.05.2026 01:50 Last: 15.05.2026 01:50 Sources 1

About this happening: Mistral AI disclosed a **codebase management system compromise** tied to the **Mini Shai-Hulud** supply-chain attack, and the intrusion briefly contaminated some **SDK packages**....

Open Happening

Mistral AI internal repositories and source code leak

Data Leak
First: 15.05.2026 01:50 Last: 15.05.2026 01:50 Sources 1

About this happening: A **TeamPCP** forum post claims **Mistral AI** source code and internal repositories were stolen and are now being offered for sale, creating a risk of public release. The alleged...

Open Happening

Timeline

  1. 19.05.2026 12:15 2 articles · 8d ago

    Grafana Labs discloses source code theft and extortion demand

    Initial Disclosure

    Grafana Labs said an unauthorized party obtained a token that provided access to its GitHub environment and enabled download of its source code. The company said no customer data or personal information was accessed and found no evidence of impact to customer systems or operations. It also said it initiated forensic analysis, identified the likely source of the credential leak, invalidated the compromised credentials, added additional security measures, and refused to pay the ransom demanded to stop release of the codebase.

    Show sources
    Open in new tab