SlowMist: Grafana suspected to have been attacked recently

23pds, Chief Information Security Officer of SlowMist Technology, stated in an article on X platform that the open-source data visualization tool Grafana is suspected to have been attacked recently. Attackers used Gato-X to steal confidential signatures and attacked multiple code repositories with App tokens. This workflow has a potentially related application private key, suspected to be used by attackers to inject JavaScript code and steal confidential information using carefully designed branch names.