Github-Actions

breach 2026-05-17
Grafana Refuses Ransom After CoinbaseCartel Pwn Request Attack Steals Source Code From Five Repos
Grafana Labs disclosed that CoinbaseCartel exploited a GitHub Actions pull_request_target misconfiguration to steal privileged CI tokens and pivot into five private repos. A canary token tripped the breach; the company refused the ransom demand.
grafana github-actions pwn-request pull-request-target coinbasecartel supply-chain source-code-breach extortion canary-token
supply-chain 2026-05-12
Mini Shai-Hulud Wave 4: TanStack, Mistral AI, UiPath Hit by First-Ever SLSA-Attested Malicious npm Packages (CVE-2026-45321)
TeamPCP's fourth Mini Shai-Hulud wave compromised 42 TanStack packages, the Mistral AI SDK, UiPath, OpenSearch, and Guardrails AI by stealing OIDC tokens out of a GitHub Actions runner's process memory — and shipped malicious versions with valid SLSA Build Level 3 provenance attestations.
supply-chain npm pypi github-actions oidc slsa provenance teampcp shai-hulud tanstack mistral-ai ci-cd
supply-chain 2026-04-02
TeamPCP's Supply Chain Cascade: Trivy, KICS, LiteLLM, Telnyx Compromised — Now Pivoting to Ransomware via Vect
TeamPCP poisoned Trivy, KICS, LiteLLM, and Telnyx across GitHub Actions and PyPI in March 2026, harvested ~300 GB of CI/CD secrets, breached Cisco and AstraZeneca, and has now partnered with Vect RaaS to convert stolen credentials into ransomware deployments.
supply-chain trivy kics litellm github-actions pypi ransomware teamPCP ci-cd kubernetes

Github-Actions

Grafana Refuses Ransom After CoinbaseCartel Pwn Request Attack Steals Source Code From Five Repos

Mini Shai-Hulud Wave 4: TanStack, Mistral AI, UiPath Hit by First-Ever SLSA-Attested Malicious npm Packages (CVE-2026-45321)

TeamPCP's Supply Chain Cascade: Trivy, KICS, LiteLLM, Telnyx Compromised — Now Pivoting to Ransomware via Vect