Grafana breach caused by missed token rotation after TanStack attack
Grafana breach caused by missed token rotation after TanStack attack By Bill Toulas May 20, 2026 11:46 AM The Grafana data breach was caused by a single GitHub workflow token that…
Search
Why AI-driven threats are exposing the limits of MSP security stacks
… Automation and AI-assisted response Many MSP environments still depend heavily on manual effort during security incidents. …
Vibe coders are gonna vibe code: How CISOs are tackling code sprawl
… They understand the appeal of using AI to build automations and applications. They also know what happens when that same impulse spreads across an organization without guardrails. It was one of the defining topics of Workflow, a live virtual event hosted by intelligent automation platform Tines. …
GitHub announces npm security changes to tackle supply-chain attacks
… Projects that rely on any of these behaviors for legitimate workflows will need to explicitly opt in before upgrading to npm v12. …
OpenAI confirms security breach in TanStack supply chain attack
… OpenAI says it isolated affected systems and accounts, revoked sessions, rotated credentials across affected repositories, and temporarily restricted deployment workflows. …
How SIEM helps MSPs reduce noise and stop threats faster
… Teams can isolate devices, block accounts, flag suspicious sessions and trigger response workflows automatically. …
Hackers exploit FortiClient EMS flaw to push infostealer malware
… The attacker disguised the malware as an update for Fortinet endpoints and executed it through VPN scripting workflows managed by FortiClient. …
Red Hat npm packages compromised to steal developer credentials
…Those commits added a GitHub Actions workflow and a script that abused npm's publishing mechanism to release backdoored packages. "When the workflow runs, it installs Bun and executes _index.js , passing…
Inside a Crypto Drainer: How to Spot it Before it Empties Your Wallet
… Over time, the operation moved heavily toward automation. Later updates introduced “Zero Config” deployment workflows, allowing affiliates to upload static files, automatically generate phishing-ready packages, and deploy infrastructure with minimal manual work. …
AI-built ransomware toolkit automates EDR evasion, AD discovery
AI-built ransomware toolkit automates EDR evasion, AD discovery By Bill Toulas June 2, 2026 04:01 PM A threat actor is using an AI-built ransomware attack toolkit that automates Active…