According to Odaily Planet Daily, the Chief Information Security Officer of SlowMist has issued a security alert warning that the open-source data visualization tool Grafana is suspected to have been attacked. The attackers used Gato-X to steal signing keys and infiltrated multiple code repositories by abusing application tokens.
Preliminary analysis shows that the attackers may have injected JavaScript code through spoofed, malicious branch names in order to steal sensitive information. Their objectives include generating high-privilege GitHub tokens using tibdex/github-app-token, tampering with the grafana/grafana repository, and implanting covert backdoors. SlowMist reminds users to remain vigilant.
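
For maintainers who want to audit their own repositories against the branch-name injection described above, the following check is an added example, not code from SlowMist or Grafana. It assumes the injection path is a GitHub Actions workflow that pastes the branch name into a script body through a `${{ ... }}` expression, which the alert does not spell out; the sample workflow and the function name `find_injections` are constructed for illustration.

```python
import re

# Expression contexts whose value is chosen by whoever opens the pull request.
UNTRUSTED = re.compile(
    r"\$\{\{\s*(github\.head_ref|github\.event\.pull_request\.head\.ref"
    r"|github\.event\.pull_request\.title)\s*\}\}")
# A `run:` (shell) or `script:` (JavaScript) key, optionally starting a list item.
BLOCK_KEY = re.compile(r"^(\s*)(?:-\s+)?(run|script):\s*(.*)$")

def find_injections(workflow_text):
    """Return (line_no, key, context) for every untrusted expression that is
    expanded inside a run:/script: body, where it becomes executable code."""
    findings, key, col = [], None, -1
    for no, line in enumerate(workflow_text.splitlines(), 1):
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if key is not None and indent > col:
            body = line                      # continuation of a block scalar
        else:
            m = BLOCK_KEY.match(line)
            key, col = (m.group(2), m.start(2)) if m else (None, -1)
            body = m.group(3) if m else ""
        if key:
            for expr in UNTRUSTED.finditer(body):
                findings.append((no, key, expr.group(1)))
    return findings

# Constructed sample: two unsafe steps, then the safe form that passes the
# branch name through an environment variable instead of the script text.
SAMPLE = """\
on: pull_request
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/github-script@v7
        with:
          script: |
            console.log("branch ${{ github.head_ref }}")
      - run: echo "ref ${{ github.event.pull_request.head.ref }}"
      - env:
          BRANCH: ${{ github.head_ref }}
        run: echo "$BRANCH"
"""

if __name__ == "__main__":
    for line_no, key, context in find_injections(SAMPLE):
        print(f"line {line_no}: {context} expanded inside {key}:")
```

The last step in the sample is not flagged because the expression is assigned under `env:` and the script only reads the variable, so the branch name is treated as data rather than code.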