https://cybercrime.club/tags/pull-request-target/Infrastructure security news for people who build infrastructure.Hugo -- gohugo.ioen-usSun, 17 May 2026 23:09:02 -0400https://cybercrime.club/posts/grafana-coinbasecartel-pwn-request-github-actions-source-code-breach/Sun, 17 May 2026 23:09:02 -0400https://cybercrime.club/posts/grafana-coinbasecartel-pwn-request-github-actions-source-code-breach/Grafana Labs disclosed that CoinbaseCartel exploited a GitHub Actions pull_request_target misconfiguration to steal privileged CI tokens and pivot into five private repos. A canary token tripped the breach; the company refused the ransom demand.breach