A recent Grafana breach was linked to a missed token rotation following the earlier TanStack supply-chain attack. Grafana confirmed that attackers regained access to internal systems because one compromised credential remained active after the original incident response process. The incident highlights the growing dangers surrounding token management and cloud credential security. Researchers warn that attackers…
The Grafana admin spoofing issue poses a serious threat to organizations using Grafana Enterprise. A newly disclosed flaw allows a malicious actor to create or treat a new user as an existing internal administrator. The vendor confirms the issue affects SCIM-provisioned configurations and urges prompt patching. Vulnerability details Grafana Labs revealed that a maximum severity…