新闻

The hackers exfiltrated a codebase that was already open source, then demanded payment to keep it from being released. Grafana said no, and cited the FBI's standing advice. It is the second high-profile extortion case in seven days. Grafana Labs, the open-source monitoring and visualisation company, disclosed on Monday that hackers had broken into its development environment, exfiltrated a copy of its codebase, and demanded a ransom to prevent the code from being released. The company said no, and the codebase, on the most awkward fact in the story, is already open source. The mechanics are the part that matters. Grafana's own statement on X confirmed that the attackers obtained a stolen token credential, which gave them access to the company's GitHub environment, which Grafana uses for code development. The token did not, on the company's account, provide access to customer records, customer systems, or financial data. The token has since been invalidated, and additional security controls have been layered on top. The Hacker News reports that the root cause was a recently enabled GitHub Action containing a 'Pwn Request' misconfiguration, in which a pull_request_target workflow granted external contributors access to production CI secrets, and that the intrusion was caught by one of Grafana's deployed canary tokens, triggering an internal alert. The attackers, identified across Register and HelpNet coverage as a data-extortion group calling itself CoinbaseCartel (active on the cybercrime scene since September 2025, on Halcyon and Fortinet FortiGuard tracking), framed the leverage as a release-or-pay choice. The company's response, in its own words: 'The attacker attempted to blackmail us, demanding payment to prevent the release of our codebase.' Grafana cited the FBI's long-standing advice that paying ransoms doesn't guarantee you or your organization will get any data back, 'offers an incentive for others to get involved in this type of illegal activity, and ultimately funds further attacks. What gives the case its texture is the seven-day comparison. Education-technology giant Instructure, whose Canvas learning-management platform serves 275 million users across more than 8,800 institutions, reached an agreement with hackers last week after being breached twice in successive weeks by the ShinyHunters group. Instructure has not publicly disclosed the amount paid; unconfirmed industry estimates put the figure at around $10m. Instructure said it received 'digital confirmation of data destruction (shred logs)' and assurances that customers would not be subsequently extorted. The reaction from security professionals was, in the polite version, sceptical of those assurances. The two cases sit at the polar ends of the playbook. Instructure paid because the stolen data was student and staff personal information that could not be undone once published. Grafana refused because the stolen material was code that anyone could already download from the company's public repositories. The threat was, in that sense, performative. The attackers made the demand anyway, on the working assumption that some percentage of victims pay regardless of whether the underlying leverage exists. The structural read on the past week of incidents is the recurring one. The defensive side of the enterprise software industry has been reorienting around AI-driven vulnerability discovery: Anthropic's Mythos model has been finding thousands of zero-day flaws across major operating systems and browsers, and central-bank regulators have moved aggressively to monitor what the same capabilities mean inside the financial system, with the company briefing the Financial Stability Board on its findings. The Grafana breach was not an AI-driven attack on the available evidence. It was a token-misuse exploit against a GitHub workflow, the kind of intrusion that has been the modal data breach for the past six years. The mechanics are unchanged. The extortion logic that follows them is what is evolving. Grafana said its investigation is ongoing and it will publish its findings once the probe is complete. The company did not disclose which specific repositories were exfiltrated, did not name the threat actor in its own statement. The narrower lesson is that the FBI's no-pay guidance is finally being treated as policy by companies with sufficiently public business models to absorb the optics. Grafana has the unusual advantage that its product is open source by design. If the no-pay posture extends to companies with proprietary intellectual property is the next test the threat actors will set up.

For years, IT and DevOps teams have wrestled with the same stubborn problem: how do you automate workflows in systems that were never built for automation? Legacy apps, vendor portals, and proprietary line-of-business platforms rarely offer APIs. That means someone, usually a human, ends up clicking through screens, entering data, and completing transactions by hand. Microsoft has a direct answer to that problem. Computer use in Microsoft Copilot Studio is now generally available, with expanded availability rolling out to all commercial geographies in Microsoft Power Platform. The simplest way to think about it: computer use gives an agent the same tools a person has -- a browser, a screen, a keyboard, and the ability to read what's on the page and take the next logical step. That's a meaningful shift. Most automation tools rely on brittle, selector-based scripts that break the moment a UI changes. Instead, the computer uses a tool that relies on vision and reasoning to navigate live UIs -- adapting when layouts shift, fields move, or workflows branch. In practical terms, this means agents can now handle workflows that previously required manual workarounds or expensive integration projects. For organizations with deep investments in proprietary platforms or third-party portals, workflows that previously required either a multi-quarter integration project or an army of contractors clicking through screens can now be handed to an agent. For enterprise IT teams, this can also reduce pressure to modernize or rebuild legacy systems before automation can begin. Microsoft points to Graebel, a global mobility and relocation services company, as an early example of what this looks like in production. Working with GET AI and Microsoft, Graebel built and deployed the Graebel Service Order Agent in Microsoft Copilot Studio. The agent monitors designated mailboxes and interprets unstructured service-order emails using Azure Content Understanding, extracting key data into a structured form with confidence scoring. It validates each request against Graebel's business rules, service logic, and compliance requirements before any action is taken. The agent then operates Global Connect directly through its UI -- navigating screens, entering data, and completing transactions exactly as a trained human operator would, without APIs or platform redevelopment. Exceptions and low-confidence cases are escalated through human-in-the-loop workflows, preserving governance and service quality. That last point matters. Keeping humans in the loop for exceptions isn't a limitation -- it's the right design for enterprise workflows where compliance and accuracy aren't optional. One concern that often follows news like this: what about security? Microsoft is keenly aware of that question. The platform is built within the existing Power Platform governance framework, so agents inherit the same security controls, compliance policies, and audit capabilities that organizations already have. Microsoft is actively investing in advanced governance, operations, and scale for computer-using agents, with customer feedback directly informing the roadmap. Copilot Studio now also supports model selection for agents, with models from both OpenAI and Anthropic available. That flexibility matters for teams that want to match the right model to the right task -- whether they're optimizing for reasoning depth, latency, or cost. Computer-using agents aren't a replacement for well-designed APIs or modern integrations. But they do fill a long-standing gap in enterprise environments. Not every system gets modernized on schedule. Not every vendor exposes the data access your team needs. And not every business process maps neatly to an existing automation workflow. Getting started is straightforward. Teams can create or open an agent in Microsoft Copilot Studio, navigate to Tools, select Add tool, and then add a new computer-use capability. From there, the task can be described in natural language. "Computer-using agents extend automation from API-reachable systems to anything with a UI, the larger surface in most enterprises. General availability in Copilot Studio repositions the conversation from integration backlog to action governance, and model choice across OpenAI and Anthropic confirms that competitive value sits at the operating layer," according to Mitch Ashley, VP and Practice Lead, Software Lifecycle Engineering, The Futurum Group. "Procurement should treat this as a control plane question. UI-driven agents inherit human-level reach across legacy and SaaS workflows, so authorization, audit, and exception handling must operate at the action level. Without that visibility, autonomy stalls short of what the technology enables."