---
title: Grafana GitHub Token Breach Led to Codebase Download and Ext
type: raw
source: newsletter
source_url: https://www.thehackernews.com/2026/05/grafana-github-token-breach-led-to.html
tags: [security]
fetcher: jina
review_value: 7
review_confidence: 8
review_recommendation: worth-reading
ingested: 2026-05-18
sha256: a86ad620d892de1efa74d8bc5c6c4c4fa2947c73934c69b738b8e94ec9121305
---
Title: Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
URL Source: https://www.thehackernews.com/2026/05/grafana-github-token-breach-led-to.html
Published Time: Mon, 18 May 2026 13:59:53 GMT
Markdown Content:
# Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt
#1 Trusted Cybersecurity News Platform
Followed by 5.70+ million[__](https://twitter.com/thehackersnews)[__](https://www.linkedin.com/company/thehackernews/)[__](https://www.facebook.com/thehackernews)
[![Image 4: The Hacker News Logo](blob:http://localhost/5c34172ae87fab3ecb77bf8cfaf83e48)](https://www.thehackernews.com/)
[__](javascript:void(0))
__
[__ Get the Latest News](https://www.thehackernews.com/2026/05/grafana-github-token-breach-led-to.html#email-outer)
*   [Home](https://www.thehackernews.com/)
*   [Newsletter](https://www.thehackernews.com/2026/05/grafana-github-token-breach-led-to.html#email-outer)
*   [Webinars](https://www.thehackernews.com/p/upcoming-hacker-news-webinars.html)
*   [Home](https://www.thehackernews.com/)
*   [Threat Intelligence](https://www.thehackernews.com/search/label/Threat%20Intelligence)
*   [Vulnerabilities](https://www.thehackernews.com/search/label/Vulnerability)
*   [Cyber Attacks](https://www.thehackernews.com/search/label/Cyber%20Attack)
*   [Webinars](https://www.thehackernews.com/p/upcoming-hacker-news-webinars.html)
*   [Expert Insights](https://thehackernews.com/expert-insights/)
*   [Awards](https://awards.thehackernews.com/)
[__](javascript:void(0))
__
[__](javascript:void(0))
Resources
*   [Webinars](https://www.thehackernews.com/p/upcoming-hacker-news-webinars.html)
*   [Awards](https://awards.thehackernews.com/)
*   [Free eBooks](https://thehackernews.tradepub.com/)
About Site
*   [About THN](https://www.thehackernews.com/p/about-us.html)
*   [Jobs](https://www.thehackernews.com/p/careers-technical-writer-designer-and.html)
*   [Advertise with us](https://www.thehackernews.com/p/advertising-with-hacker-news.html)
Contact/Tip Us
[__ Reach out to get featured—contact us to send your exclusive story idea, research, hacks, or ask us a question or leave a comment/feedback!](https://www.thehackernews.com/p/submit-news.html)
Follow Us On Social Media
[__](https://www.facebook.com/thehackernews)[__](https://twitter.com/thehackersnews)[__](https://www.linkedin.com/company/thehackernews/)[__](https://www.youtube.com/c/thehackernews?sub_confirmation=1)[__](https://www.instagram.com/thehackernews/)
[__ RSS Feeds](https://feeds.feedburner.com/TheHackersNews)[__ Email Alerts](https://www.thehackernews.com/2026/05/grafana-github-token-breach-led-to.html#email-outer)
[![Image 5: cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyqUz0-ifa8jE9rCzud3wzxmhcuzTp1VOWFEvGMoZXDYfaB_4459fPyvyQw7wvAnzjzDL09PkyJM83QGheO69fC3esg1WA7WnJ89i_t_q3K8DxYmgV__QujU8RWRnCK4MpbKqu8nwuMFfLaiRVHy_ov7IZ16hoKI3rIu-5BcISmqXPjlQU7N0sa4lWI-n-/s728-e100/wiz-d.png)](https://thehackernews.uk/wiz-ai-state-d)
# [Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt](https://thehackernews.com/2026/05/grafana-github-token-breach-led-to.html)
__ Ravie Lakshmanan __ May 17, 2026 Data Breach / Cybercrime
[![Image 6](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNcCJY0s2GwOwFeSuqVz941pWrGK3theum-FBFyYO97JnK22OamMheCtr9yEEFfHMvurI7UBgl72blFK6Hm9u358g1V9HbZOk5vocuYMvgjfYLmf2XPNsSG1IiFxlbLvnRaotutjUB5I7sVLVTf1HTozz9FoeVxA3DJOn9wAOolL-HwmATDLlAD-Mgs-tO/s1700-e365/grafana.jpg)](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNcCJY0s2GwOwFeSuqVz941pWrGK3theum-FBFyYO97JnK22OamMheCtr9yEEFfHMvurI7UBgl72blFK6Hm9u358g1V9HbZOk5vocuYMvgjfYLmf2XPNsSG1IiFxlbLvnRaotutjUB5I7sVLVTf1HTozz9FoeVxA3DJOn9wAOolL-HwmATDLlAD-Mgs-tO/s1700-e365/grafana.jpg)
Grafana has disclosed that an "unauthorized party" obtained a token that granted them the ability to access the company's GitHub environment and download its codebase.
"Our investigation has determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations," Grafana [said](https://x.com/grafana/status/2055827123236171827) in a series of posts on X.
The company also said it immediately launched a forensic analysis upon discovering the activity and that it identified the source of the leak, adding the compromised credentials have since been invalidated, and extra security measures have been implemented to secure against unauthorized access.
Furthermore, Grafana revealed the attacker tried to blackmail and extort the company, demanding they make a payment to prevent the stolen database from being published.
Grafana said it has opted not to pay the ransom, citing the U.S. Federal Bureau of Investigation (FBI). The agency has previously warned against negotiating ransoms with perpetrators, as there is no guarantee that doing so will help affected companies get their data back.
[![Image 7: Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnNON5UeWywT7OcPNw7V4L7QNWnCnm7Xl_99Y9ek8dL-gRwx-bWxQM1TKqt8deqqrdpUyKMuuijAWyyPQVB0s0qf8ntQ6ldFAJLru-QUWhddKTopc7SeNbBBnd-TsfFyRPP-AAyDuclLlL6XHK4_LXqDC_7eyaz9pzToYr7U543MhrJ7qcK-89sVWHTQUZ/s728-e100/zz-2-d.jpg)](https://thehackernews.uk/threatlabz-vpn-risk-2026-d)
"It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity," the FBI [states](https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-frauds-and-scams/ransomware) on its website.
[](https://www.thehackernews.com/2026/05/grafana-github-token-breach-led-to.html)
Grafana did not reveal when the incident took place or since when the threat actor had access to its environment, only revealing that it learned of the attack "recently." The breach has not been attributed to any known threat actor or group.
However, reports from [Hackmanac](https://x.com/H4ckmanac/status/2055380899840078266) and [Ransomware.live](https://ransomware.live/group/coinbasecartel) indicate that a cybercrime group named CoinbaseCartel has claimed responsibility for the incident.
Per details shared by[Halcyon](https://www.halcyon.ai/jp/threat-group/coinbasecartel) and [Fortinet FortiGuard Labs](https://www.fortiguard.com/threat-actor/6386/coinbase-cartel-ransomware), CoinbaseCartel is a data extortion crew that emerged in September 2025. It's assessed to be an offshoot of the ShinyHunters, Scattered Spider, and LAPSUS$ ecosystems.
[![Image 8: Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPEV6-530TOlxG6PjrmdlY623wpBwduZ7t1HV6flcmO5R4q4AmfixDUzW0CrhlvMVNWbhvOIso-UDNTka4W_W9Chrdj_dglwBZwi7DuePM2IMIl-hfUYVIqBXgfpr_2619K8Gptb4LzwJ6gUbi7lWl2M8AFQJsHEaw63Q7tZ6708YGruiHrr0Y2W9YYxLQ/s728-e100/ThreatLocker-d.png)](https://thehackernews.uk/ai-cant-stop-d)
The group, which only focuses on data theft and extortion, unlike traditional ransomware groups, has amassed 170 victims across healthcare, technology, transportation, manufacturing, and business services.
The company also did not reveal what codebase the attacker downloaded, but Grafana offers various solutions like [Grafana Cloud](https://grafana.com/docs/grafana-cloud/introduction/), a fully-managed, cloud-hosted observability platform for applications and infrastructure. The Hacker News has reached out to Grafana for comment, and we will update the story if we hear back.
The development comes days after American educational technology company Instructure [made the controversial decision](https://thehackernews.com/2026/05/instructure-reaches-ransom-agreement.html) to settle with the ShinyHunters extortion group after the latter threatened to leak terabytes of data belonging to thousands of schools and universities across the U.S.
Found this article interesting? Follow us on [Google News](https://news.google.com/publications/CAAqLQgKIidDQklTRndnTWFoTUtFWFJvWldoaFkydGxjbTVsZDNNdVkyOXRLQUFQAQ), [Twitter](https://twitter.com/thehackersnews) and [LinkedIn](https://www.linkedin.com/company/thehackernews/) to read more exclusive content we post.
SHARE[__](https://www.facebook.com/sharer.php?u=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Fgrafana-github-token-breach-led-to.html)[__](https://twitter.com/intent/tweet?url=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Fgrafana-github-token-breach-led-to.html&text=Grafana%20GitHub%20Token%20Breach%20Led%20to%20Codebase%20Download%20and%20Extortion%20Attempt&via=TheHackersNews)[__](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Fgrafana-github-token-breach-led-to.html)[__](javascript:void(0))
[__ Tweet](https://twitter.com/intent/tweet?url=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Fgrafana-github-token-breach-led-to.html&text=Grafana%20GitHub%20Token%20Breach%20Led%20to%20Codebase%20Download%20and%20Extortion%20Attempt&via=TheHackersNews)
[__ Share](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Fgrafana-github-token-breach-led-to.html)
[__ Share](https://www.facebook.com/sharer.php?u=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Fgrafana-github-token-breach-led-to.html)
__ Share
[__](javascript:void(0))[__ Share on Facebook](https://www.facebook.com/sharer.php?u=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Fgrafana-github-token-breach-led-to.html)[__ Share on Twitter](https://twitter.com/intent/tweet?url=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Fgrafana-github-token-breach-led-to.html&text=Grafana%20GitHub%20Token%20Breach%20Led%20to%20Codebase%20Download%20and%20Extortion%20Attempt&via=TheHackersNews)[__ Share on Linkedin](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Fgrafana-github-token-breach-led-to.html)[__ Share on Reddit](https://www.reddit.com/submit?url=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Fgrafana-github-token-breach-led-to.html)[__ Share on Hacker News](https://news.ycombinator.com/submitlink?u=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Fgrafana-github-token-breach-led-to.html&t=Grafana%20GitHub%20Token%20Breach%20Led%20to%20Codebase%20Download%20and%20Extortion%20Attempt)[__ Share on Email](mailto:?&subject=News%20Article%E2%80%94Grafana%20GitHub%20Token%20Breach%20Led%20to%20Codebase%20Download%20and%20Extortion%20Attempt&body=Check%20out%20this%20article%20from%20The%20Hacker%20News.%20%20%20Grafana%20GitHub%20Token%20Breach%20Led%20to%20Codebase%20Download%20and%20Extortion%20Attempt%20%E2%80%94%20https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Fgrafana-github-token-breach-led-to.html)[__ Share on WhatsApp](https://api.whatsapp.com/send?text=Grafana%20GitHub%20Token%20Breach%20Led%20to%20Codebase%20Download%20and%20Extortion%20Attempt%20%E2%80%94%20https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Fgrafana-github-token-breach-led-to.html)[![Image 9: Facebook Messenger](blob:http://localhost/4790c518974848fb287f0be1d99a37a0)Share on Facebook Messenger](fb-messenger://share/?link=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Fgrafana-github-token-breach-led-to.html&app_id=280117418781535)[__ Share on Telegram](https://telegram.me/share/url?url=https%3A%2F%2Fthehackernews.com%2F2026%2F05%2Fgrafana-github-token-breach-led-to.html&text=Grafana%20GitHub%20Token%20Breach%20Led%20to%20Codebase%20Download%20and%20Extortion%20Attempt)
[SHARE __](javascript:void(0))
[CoinbaseCartel](https://thehackernews.com/search/label/CoinbaseCartel), [cybersecurity](https://thehackernews.com/search/label/cybersecurity), [Data Extortion](https://thehackernews.com/search/label/Data%20Extortion), [FBI](https://thehackernews.com/search/label/FBI), [GitHub](https://thehackernews.com/search/label/GitHub), [Grafana](https://thehackernews.com/search/label/Grafana), [LAPSUS$](https://thehackernews.com/search/label/LAPSUS%24), [ransomware](https://thehackernews.com/search/label/ransomware), [Scattered Spider](https://thehackernews.com/search/label/Scattered%20Spider), [ShinyHunters](https://thehackernews.com/search/label/ShinyHunters)
[![Image 10: c](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJ6Ij4NJB1TTOtrxAFIKWwGA-PUlnS9as5AumGc9FrTHJP_QFdUUYBhn1I-xkcQ-Hig1BTAc9d6jZ_VRYAIZXa_u_vopIxUk5R1E95hjkqf3clEgct5mbNOuNBaUL23VbbLfkWffLdTM3Z47-Qqid0wR2074f9hnPqMhI4REY1oxeoYcsvYM3_X5wvU2P-/s300-e100/ThreatLocker-side.png)](https://thehackernews.uk/ai-vs-ai-short)
[![Image 11: c](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgY0BC0ZfiOQsJz-LdE3CCEcrNcsKZq2vaQDObdf-k8AWLpHHXBHgdGfcpakC-JN81pT3FXjW4Y3EFV82j-qe6agmPqcjD6HdMi3_lzZVo6fZxjeFSqRvSbtHblSI9HbxvNQYPBV3An3wCWNMp4-9pbEe67Q6n_phgUlzpMgpu3Fz5iBaqHKXMM3DR8zOJJ/s300-e100/maze-1.png)](https://thehackernews.uk/mazebolt-ddos-downtime)
⚡ Top Stories This Week
[![Image 12: New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZEVPJhl5rAx5o22-s1GQ6E1KKHMlOsazAfObgwK72r5EGxr52OkNRHHQXJdHt39DQop0SAhxE_t9nMKgXxHNgYv1zyB-ZR1IqCIKUK2feTpx1swr4dZzKLpZ5uldjrOAX6qH-wYnUfRWieA2xQWPbAUB1JpXhkBGq4AA0Ft07F7MFqZSHCS9SMR6uXjoC/w72-h72-c-rw-e365/linux-2.jpg) New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption](https://thehackernews.com/2026/05/new-fragnesia-linux-kernel-lpe-grants.html)
[![Image 13: 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhCvxtNv7UYYMCITB2HLsBgkN83LdRXcw0wmP9gMAfXeNpmJoOJKNIaQb55b-GLDeQHx-dUBkASGDYgstnvYAE5eFuwyzMSxY804fn56OaTsGlESOab9y-kFHJ-iV5iUlWrc5j27WLduUDhW6nRSjkv5tFMKZjDbbmDdk7_NMZ3y7sipHKy7t4XuMQ9YfG/w72-h72-c-rw-e365/nn.gif) 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE](https://thehackernews.com/2026/05/18-year-old-nginx-rewrite-module-flaw.html)
[![Image 14: Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgz_tK9S8jS_n5CK694-FLGjQP5_Mmpg7z9ZRiBayWsJLsuFRIm-8j1hTlhH90779FvnvhpiFKeGP9CzI5RCPsxQEnOzAIQsPzUsAJhUWtNm9iwf9C1W9DbDmqoQ_jjHhM7huYDV210OB9o1L9NPoJ0IL6R9Xc-V4JQ91Kn-b47_2ravRJ6-qlZOVrqsuAz/w72-h72-c-rw-e365/openclaw.png) Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence](https://thehackernews.com/2026/05/four-openclaw-flaws-enable-data-theft.html)
[![Image 15: Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9rok1ToP_K0gWug0GnICltZkvx6bMRyhHfTJG1AcSfrGpM_fOVc61O3Fpyen_IW-wpb4s6Hl3qZcU5nEs77SMWSpKNDR4rrlY2syVVSNEBrpHx8RkWmYaN9MZORNICc8LNhuNjXqqhxmy7JN-y389oyQnAAFoBMJC1NoQSQFaOZ2MnrpKQRfv_eYXIoWI/w72-h72-c-rw-e365/cisco-exploit.jpg) Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access](https://thehackernews.com/2026/05/cisco-catalyst-sd-wan-controller-auth.html)
[![Image 16: New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrSn3emm_NbwXDi3elR0wo5ErHhg-gPT4-u4zk7MHZg4u0ruMmj2_KGgPF8fz06Riv6Gu5NXMN3eBP8H5bVf6dmvOz-lvb-qrvhLlssLUzl97ZVmIWoIOmMPOGrupv864dt0d4V_dxgaaxYYNuy2z9rbZMWIOcjlwZaiifq4-ktRqlEBCJ6a_m3MFiwq65/w72-h72-c-rw-e365/exim.jpg) New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution](https://thehackernews.com/2026/05/new-exim-bdat-vulnerability-exposes.html)
[![Image 17: ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjImYNT-qC7frGzEXeok3KDX_JNMKote6V1FVXIpkAoSEER2z1YyT8dpFq5RtRhBQ0cweEPbBIuioDWFf5rw_Mf-0V6rXR2ZrMh2ISDa7X7NlV9zIGsoLSAnyd_86eVkrR4wU24yxbuCYaAmyGFwlF77YCjvgU3n43P-yFT-pzjsmQ35Oaut1klg62bs_-i/w72-h72-c-rw-e365/threatsday-2.jpg) ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories](https://thehackernews.com/2026/05/threatsday-bulletin-pan-os-rce-mythos.html)
[![Image 18: ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiD4a3gzeAEAv4Bs5FqWbHG1cRyNqIOjygeSxxpNoChwyyMUWlbZHzkG0n8ysGpoAYuKqklfMtTKRct0OeYktaKLhdXpRH5pKH94tVaMX7iPeNDf7vZjFky3myBkFPJPl1xIdsWDlIYP30IeR7IZGhQZ5p82yHRdRO1OGkpAtTWgZcQSG3zXqh9tLbSSrgP/w72-h72-c-rw-e365/cyber-recap.jpg) ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More](https://thehackernews.com/2026/05/weekly-recap-linux-rootkit-macos-crypto.html)
[![Image 19: Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj92eUjjTTMJPizvUJGwq7Ych7nrXHwGRNt3hS9yjNGRJk5d3pdIKjeZhQDVuFp0DnKjP4qoieGWFjswm7nHDLBaxWC3DxFIfLfRjMSEXd0Ta04vcTrbCpS9PEXebUUbMBxBt0VOb-PKVk-7Cq0FjuMXl4VtKneb5a3ujCo872goPN22GBFFhReJtWsQJLK/w72-h72-c-rw-e365/oll.jpg) Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak](https://thehackernews.com/2026/05/ollama-out-of-bounds-read-vulnerability.html)
[![Image 20: cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgInpdPoL0Kf1i9D6daAAGB1QPCR3E0d_ArELz-ks1Y6cJ_low0jdZYqamKMKMxC12OC-XMwUrDIWdh_xK_d7zLLQfH-rDl0-Vi_VSsFswAuJL0mEtQg-FW66c_1it8d59p2An-T3_oQJ_Q_yHLiX0PHtEq2OdLcGXwxniVKGJGLusWdjJfP7M-H9ADm8cK/w72-h72-c-rw-e365/cpcp.jpg) cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor](https://thehackernews.com/2026/05/cpanel-cve-2026-41940-under-active.html)
[![Image 21: Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1Iq16GS3jdGiIU24GHBkwg6unk05ctdgYwXO5df8zRu1qko95_XhszCjq6jlEIRozLsrtZHgi5GqDZnS1Sw_KDzUzsagwP0If3VswmYHsnuYwVseU2lapxQiPpItTdAiv-CCdTFR87ZVOu65buyvmvzmdWuJPKHuPA4DSo58HQIMAV__2ymsmRe2g3UVe/w72-h72-c-rw-e365/windows-ai.jpg) Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday](https://thehackernews.com/2026/05/microsofts-mdash-ai-system-finds-16.html)
[![Image 22: Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI and More Packages](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXIhs2kZt0YGdDcd-Io67mq1GIN_iI_71LYhuin4qqmlgUgCuZ3fGUvglg_5nh5DK8kfPP8RHki86yMyqh4rTE27PGgPBh4RQjkh91-QGoB8cav5NUsYAwcV3ZJ7aEf-uEoH3pLGQ2eWuCh8lZSWAlTIa2U5I6eeB3HZmYMn4q-YoV7Ytmkpr1tN0lC2rG/w72-h72-c-rw-e365/mistral.jpg) Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI and More Packages](https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html)
[![Image 23: Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXt7ooDl2PwJY4nazAKdW9rmILsmosve2FZaO9usxTk_rkksEEvsLgY-uc_MErXvjvusuWjN7PWRM9KaRXB1OkL75gio7tcqpMsPZxaFNE9XDpYmARH3Dw_gGgddwWXHSt5VUJ-lb56F9bCVzTYghEo7qELWVv8K_W8V1BrWgssgqWkzPJxW6I31i_GyYf/w72-h72-c-rw-e365/windowss.jpg) Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation](https://thehackernews.com/2026/05/windows-zero-days-expose-bitlocker.html)
[![Image 24: Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjk3m3CoTiKH2QVXSFAOVKKnTl-Ybt1FDE4M7BGK_ujskSYNQ8pOlcvZfyNv8CW2EJIVdMQaORcCE0H-_ufTvD6hR-LOOZ64GZPS_9bH7YrE4i0r4LrGCn7vXmG0GjpFk8aNlRR_4_GjrM-jhXBS1NzIbYiRydcmiNSXIV2eUczvgjGmp34_gNz3M5kt-Jf/w72-h72-c-rw-e365/windows-patch-update.jpg) Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws](https://thehackernews.com/2026/05/microsoft-patches-138-vulnerabilities.html)
[![Image 25: Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgF329-zAoI4gwIW3h3gRYiDJjcRSyWPM4DLHFQwNNGfLTVaROqIfQZ0QB1FwWGmvMGuyNAF9Q6QBYcwLsqMsCka5Lqu82CzUbrBULnUDQwtY_4z6KiOEKSETes6as77XfUCaJVBUOCovZz8jajp6vBp9AAjHiS7BEviANEH0FxmzZwdrTapD3R-gPQWKJ1/w72-h72-c-rw-e365/ai-hacker.jpg) Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation](https://thehackernews.com/2026/05/hackers-used-ai-to-develop-first-known.html)
[![Image 26: On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirN79ZRjEd5wnVbOTlJJsWjQ54cwSj2bM5NDzBSgAFO8f_9LrlIwQRI0ZogQX42iejmhgc1n2YcA91pFrVqtqNKKyAIXblcQ1Yx9LTs1TeNDbNN6JMUBXCKDK1W0IwnwvYl1dhQmcyTPHwakckKT_Kc9fAUDAJRj94g2pENrjy4UyTCCniOXI2rO-q66PC/w72-h72-c-rw-e365/Microsoft-Exchange.png) On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email](https://thehackernews.com/2026/05/on-prem-microsoft-exchange-server-cve.html)
[![Image 27: [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjhKoTt2TCJhCZC7cgKpISoFL1hoD6YqAXVIIIzKZEyYmvXusJXxb2WQ_cYnjRCYdKeOJj2756fnWj2had24_OCECDq5bDf7y98vuYhsKSbrbRH1WYIqpwCF47lLsvrgFGLPkhomycGiEHqDa50OjwuwIZmH6cAu1vOXoXOiTzU4Si8qq6YPfo2r4OsP4KI/w72-h72-c-rw-e365/wiz.png) [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud](https://thehackernews.com/2026/05/webinar-why-your-appsec-tools-miss.html)
Load More ▼
⭐ Featured Resources
[![Image 28: Articles](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9jsZB0c_iNwfRZXf0vf1qU4cPU4jI7yxEHT6aupC6pecMnNLhg2Z5r2FhdsweHJVXyVx3GH3QQDvSOTqqyHF4pOgAn45j-IGE5cKSUrtz6T855Qav0sINF1sXgJsv14sYxo9E-lhRnhyphenhyphenDeEg4U06-jygX9NPbWQBEhni_09xXm6WZ16sh9iC1vdW0kHi7/s72-e365/webi.jpg) [Webinar] Learn How to Handle Critical SOC Alerts With AI Support](https://thehackernews.uk/cirosec-radiant-soc)
[![Image 29: Articles](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmw8x4SO834-BAPFGufRNc9LFa8q3LnvbbD0-PRi1nIfEHBZLxfznw73UFbHE5uvrFGp5FZ4NPOtZng10v0iOTb0VIiEG0mVIhypDTgJRhALVJ7GgoZ11fj-JxXPDYyB6plXTbWpikWqVkj5RF8twJRfpBJFSD_izzQ7EAqUEmEJ6vQNvZE8DKshlxm34Z/s72-e365/pbook.jpg) [eBook] Get the 3-Number SOC Diagnostic to Reduce Queue Risk](https://thehackernews.uk/prophet-queue-breach)
[![Image 30: Articles](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAKJ9s4P_DZr0GBTgogU4yFfinEDC3M2SaWc4DCXdhNiMZJgH9XdazL4vJrtCapE4hgmMWvMOs2EVFXPKPLHjMv0LQQujjskX05igHJwf8ItlhXv201XD3Nxg7Tz2rPsB2ZVH3eWu6P7sRTpBIixRia3NVddfLIkEm2cL09T-utNRfpl9tZOv8PinpVGOo/s72-e365/bitd.jpg) Identify Internal Attack Surfaces More Efficiently With a Free Assessment](https://thehackernews.uk/bitdefender-phasr-assessment)
[![Image 31: Articles](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixhFqL7l7pMerWjpstFQ_PnSDkP6VSQL0OaOqUa_XOXPa7l9wWV2LF4i49RZhks5QP-5bcRSjxB0oX3LJSrIFQLDOVOmPzH6DZXes2rvEwFzk75u_sqR-hK5RwGH7dm6h0WnvAaCnUeCDQskkSakOvmsgceOguijcigeeOFML29877NFarp3MyRdYUFKQE/s72-e365/phishings.jpg) [Guide] Stop Email Fraud Before It Turns Into Ransomware Damage](https://thehackernews.uk/kaseya-phishing-ransomware)
## Cybersecurity Webinars
[Building Stronger Defenses ### Stop Patient Zero Attacks Before They Bypass Detection Learn how to stop patient zero attacks before they bypass detection and compromise your systems at entry points. Join the Webinar](https://thehacker.news/patient-zero-playbook?source=below)[Reduce AppSec Risk ### Validate Real Attack Paths Before Attackers Exploit Them Learn how to validate real attack paths and reduce exploitable risk with continuous agentic security validation. Secure My Spot](https://thehacker.news/top-attack-paths-appsec?source=below)
⚡ Latest News
Cybersecurity Resources
[![Image 32: Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnR-FD5khNjlqbpkjaaifyFyn7PKDs5-W8JytBtQ-cjE_XnnHmHrjek1kppntQeTa5ouPeuqOyJIPxBIEOlCzwx3qXrJ6TIUKdJ3cHtOnl3tXsTNRuz7eucMD_2HMnC_zx0gSCsvSoTXLwSynUs27ZE_Rxfg7-x3-XwklvG8HvnZ3YlbWSE3T1w7MHc__r/s500-e100/orc-3.gif) ROI Calculator: See the Value of IAM Automation Calculate your savings on audits, app onboarding, and discovery. Try it now.](https://thehackernews.uk/calc-tool)[![Image 33: Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUas4KOce8ComJG5TW2uigorerrcCPf4cjsao7P2In6sgYdLwVMmRFB7bqZ6v0LJXrWDN6LIdgvwvK-kpnISCL7wzLDsSYAVs-XXs-qgcP41i1lj-H3ZYgpXz9Utd_6aCQBoyLo9feismppmickqgr_jwBGQuBazVrSqYDc8pWyFU2x6hkbi7GD1m9NXYc/s728-e300/gg.png) Earn a Master's in Cybersecurity Risk Management Lead the future of cybersecurity risk management with an online Master’s from Georgetown.](https://thehackernews.uk/cyber-risk-program)[![Image 34: Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5xgqKks0CPzyD6bHqgTYhh_d5HJlneRWMXCcczjkKRpGlWsno5rgAPkYtT8Essum3hhW57wq9Ww2wrW9ZwApaL1LMFd0JYKIj0ap5t5zlqUvVkdMPF1VQAPlsB4rULnH6o43hGVQ2FC6YgsOvCETUw6byw5ISxCIEFgVQlx5LateUUf66qQsSyJdi1-JZ/s728-e100/sans.jpg) AI Is Reshaping Every Attack Surface. Train for What's Next SANSFIRE 2026 in D.C. brings 50+ courses, AI-focused sessions, and NetWars. July 13–18. Save $500.](https://thehackernews.uk/sans-training-fire)[![Image 35: Cybersecurity](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCyK3mSumMJPUnI4kYAEcB0kS-ZSB7ZtBTA0xs3tlLhDSQ54FWotA2Ub_e7XLbtTCOqM9k1cAnk6t0Wu7-01W0seVE56jCVFacwmWMu2S5K8EN3MLqE4un8a8_0mWm7fXyXDQO3fSq28M40u2dSATlucFhuKxWUF56thZHx6hRXXVX7d73RzdD6Wc1kQlp/s728-e100/zz-2.jpg) Your VPN is Helping Attackers Move as Fast as AI AI collapsed human response window and turned remote access into fastest path to breach.](https://thehackernews.uk/zscaler-risk-vpn-2026)
Expert Insights [Articles](https://thehackernews.com/expert-insights/)[Videos](https://thehackernews.com/videos/)
[![Image 36: Expert Insights](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgx5aXA_dqrL_o6tE5Tyax4NyGOE4-U3wOmwdDIAbM52rMy20vPRAFMkb3A4clw95D8lUt6b-oATU2tzjxORLueW1eeK-tSVGxd39ocGk3GvhR295T2W2xLjharvIZgecXgJ3fSHvzYS7hycx5BfH5SYXrJLSU2IfSX6GVJR6Yg2ntL04HILj1jiGatQCcV/s728-e300/git-unit.jpg) ## Time-to-Revoke: The Metric CISOs Need in the AI Exploit Era __ May 18, 2026 Read ➝](https://thehackernews.com/expert-insights/2026/05/time-to-revoke-metric-cisos-need-in-ai.html)[![Image 37: Expert Insights](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7bzViRBZPcdhDfFEcbssWgmEICEFNQElLMsACP7RiG6pXiCKNElMNiZJPgqr8vGgN6uzWWfL1TKQiRB44MvCRGhTMlfYp4W3DXYdWDC9VuCbyI4N7yDluCjGS_8ouNGfaIVrr0CoUVHbt_VLURGpizFT1BZk1B3FwGuNC4-BPYLy1Eq6DM6Dtim6v9WoJ/s728-e300/checkpoint-unit.jpg) ## Agentic Attacks Arrived Over a Year Ago. Your Remediation Hasn't Caught Up. __ May 18, 2026 Read ➝](https://thehackernews.com/expert-insights/2026/05/agentic-attacks-arrived-over-year-ago.html)[![Image 38: Expert Insights](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjTSEWgoYbM_x8ISJ4teHW00qEEPHYCfm-ZYm0ZhIROBvcK8ldF7uQwhGs5quuDtGd4NHhyQmEr4nbLZiyOloMf2XNYN77QEvQcYnJhacb-z7vtyULe-Xj0SQvLXBI2jMwgTBVdP68qMb9Y08obh78Tq1-DeYVn2QkXC6FHeycPK490sUyxwBGseAyOKU31/s728-e300/oneidentity-unit.jpg) ## The Non-Human Identity Crisis: Why Your Machine Identities Are Your Biggest Governance Gap __ May 18, 2026 Read ➝](https://thehackernews.com/expert-insights/2026/05/the-non-human-identity-crisis-why-your.html)[![Image 39: Expert Insights](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1AhWsjHriIk06MMcIvTv4WPtNL2sICBs9YQxb-D0fdjZ1EQ9fWW2BteIiyXHW-2W50Xx9wZSZJVaZ8gZDEtuux0SP4tKxN8mM3LIW9DWtz8K0w0F08cPNOShWNxfcTVAuuJAqfHM_unzRxtwqQ0ntJslXT7UXMQR7ydImKVIxIe1PL9iSMOte6DUgsMNM/s728-e300/ironscales-unit.jpg) ## 7 Signs Your Organization Is Vulnerable to Business Email Compromise __ May 18, 2026 Read ➝](https://thehackernews.com/expert-insights/2026/05/7-signs-your-organization-is-vulnerable.html)
Get the Latest News in Your Inbox
Get the latest news, expert insights, exclusive resources, and strategies from industry leaders, all for free.
- [x] - [x] 
Email 
Connect with us!
[__ 1,300,000 Followers](https://twitter.com/thehackersnews)
[__ 710,100 Followers](https://www.linkedin.com/company/thehackernews/)
[__ 25,500 Subscribers](https://www.youtube.com/c/thehackernews?sub_confirmation=1)
[__ 157,500 Followers](https://www.instagram.com/thehackernews/)
[__ 1,990,000 Followers](https://www.facebook.com/thehackernews)
[![Image 40: Google News Icon](blob:http://localhost/d9c712dcc9cf552b3323fda6e1fe7145) 55,500 Followers](https://news.google.com/publications/CAAqLQgKIidDQklTRndnTWFoTUtFWFJvWldoaFkydGxjbTVsZDNNdVkyOXRLQUFQAQ)
Company
*   [About THN](https://www.thehackernews.com/p/about-us.html)
*   [Advertise with us](https://www.thehackernews.com/p/advertising-with-hacker-news.html)
*   [Contact](https://www.thehackernews.com/p/submit-news.html)
Pages
*   [Webinars](https://www.thehackernews.com/p/upcoming-hacker-news-webinars.html)
*   [Awards](https://awards.thehackernews.com/)
*   [Privacy Policy](https://www.thehackernews.com/p/privacy-policy.html)
[__ RSS Feeds](https://feeds.feedburner.com/TheHackersNews)[__ Contact Us](https://www.thehackernews.com/p/submit-news.html)
© 2026 The Hacker News. All Rights Reserved.