Coinbasecartel

breach 2026-05-17
Grafana Refuses Ransom After CoinbaseCartel Pwn Request Attack Steals Source Code From Five Repos
Grafana Labs disclosed that CoinbaseCartel exploited a GitHub Actions pull_request_target misconfiguration to steal privileged CI tokens and pivot into five private repos. A canary token tripped the breach; the company refused the ransom demand.
grafana github-actions pwn-request pull-request-target coinbasecartel supply-chain source-code-breach extortion canary-token

Grafana Refuses Ransom After CoinbaseCartel Pwn Request Attack Steals Source Code From Five Repos