top of page
ALL POSTS
Grafana Rejects Ransom Demand Following Source Code Theft in GitHub Breach
Key Findings Grafana Labs suffered a breach allowing attackers to download source code after compromising a GitHub token No customer data exposure or impact to customer systems was found during investigation An attacker demanded ransom in exchange for not releasing the stolen code Grafana rejected the extortion demand, citing FBI guidance against paying ransoms Compromised credentials have been revoked and new security safeguards implemented The company plans to release addit
May 182 min read
Grafana GitHub Token Breach Results in Codebase Theft and Extortion Plot
Key Findings Unauthorized party obtained a GitHub token granting access to Grafana's environment and downloaded company source code Attacker demanded ransom to prevent stolen code from being published; Grafana refused to pay No customer data, personal information, or impact to customer systems was identified CoinbaseCartel, a data extortion group that emerged in September 2025, has claimed responsibility Grafana invalidated compromised credentials and implemented additional s
May 172 min read
Grafana Patches Critical SCIM Flaw Enabling Impersonation and Privilege Escalation
Key Findings Grafana has patched a critical vulnerability (CVE-2025-41115) in its SCIM (System for Cross-domain Identity Management) implementation with a CVSS score of 10.0. The flaw could allow a malicious or compromised SCIM client to provision a user with a numeric `externalId`, enabling potential impersonation or privilege escalation under certain configurations. The vulnerability affects Grafana Enterprise versions from 12.0.0 to 12.2.1 and has been addressed in Grafana
Nov 22, 20252 min read
bottom of page
