Grafana had a very similar incident: https://grafana.com/blog/grafana-labs-security-update-latest...