GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise

GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise

GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer tool with 2.2 million installs. A malicious version of the otherwise benign extension was used to steal secrets and developer credentials, which were then used to move through CI/CD pipelines and exfiltrate around 3,800 of GitHub’s private code repositories. One missed token, many victims The company … More →

The post GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise appeared first on Help Net Security.

Related Posts

CTERA brings AI insights and automation for unstructured data

CTERA brings AI insights and automation for unstructure...

Why AI changed the threat model for travel technology

Why AI changed the threat model for travel technology

Virtru centers file collaboration around data-level protection

Virtru centers file collaboration around data-level pro...

Terra adds continuous network exploitation validation to its platform

Terra adds continuous network exploitation validation t...

Riverbed introduces new Aternity tools for autonomous IT operations

Riverbed introduces new Aternity tools for autonomous I...

Microsoft Warns of Two Actively Exploited Defender Vulnerabilities

Microsoft Warns of Two Actively Exploited Defender Vuln...