Grafana this week revealed that the unauthorized access to the Grafana Labs GitHub repositories disclosed earlier this month was the result of the TanStack supply chain attack. On May 11, TanStack and other high-profile NPM and PyPI projects were hit… Read More "Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack"
A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension, security researchers report. The NPM maintainer account ‘atool’, which has access to multiple packages across the @antv namespace,… Read More "Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack"
