ShinyHunters
PornHub extorted after hackers steal Premium member activity data
Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach. Last week, PornHub disclosed that it was impacted by a recent breach at analytics vendor Mixpanel. Mixpanel suffered a breach on November 8th, 2025, after […]
CrowdStrike catches insider feeding information to hackers
American cybersecurity firm CrowdStrike has confirmed that an insider shared screenshots taken on internal systems with hackers after they were leaked on Telegram by the Scattered Lapsus$ Hunters threat actors. However, the company noted that its systems were not breached as a result of this incident and that customers’ data was not compromised. “We identified […]
Salesforce investigates customer data theft via Gainsight breach
Salesforce says it revoked refresh tokens linked to Gainsight-published applications while investigating a new wave of data theft attacks targeting customers. The cloud-based software company noted that this doesn’t stem from a vulnerability in its customer relationship management (CRM) platform since all evidence points to the malicious activity being related to the app’s external connection […]
Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters
An in-development build of the upcoming ShinySp1d3r ransomware-as-a-service platform has surfaced, offering a preview of the upcoming extortion operation. ShinySp1d3r is the name of an emerging RaaS created by threat actors associated with the ShinyHunters and Scattered Spider extortion groups. These threat actors have traditionally used other ransomware gangs’ encryptors in attacks, including ALPHV/BlackCat, Qilin, RansomHub, and DragonForce, but […]
Checkout.com snubs hackers after data breach, to donate ransom instead
UK financial technology company Checkout announced that the ShinyHunters threat group has breached one of its legacy cloud storage systems and is now extorting the company for a ransom. The company says that although the stolen data affects a significant portion of its merchant base, it will not pay a ransom and will instead invest […]
Salesforce refuses to pay ransom over widespread data theft attacks
Salesforce has confirmed that it will not negotiate with or pay a ransom to the threat actors behind a massive wave of data theft attacks that impacted the company’s customers this year. As first reported by Bloomberg, Salesforce emailed customers on Tuesday to say they would not be paying a ransom and warned that “credible threat […]
Red Hat data breach escalates as ShinyHunters joins extortion
Enterprise software giant Red Hat is now being extorted by the ShinyHunters gang, with samples of stolen customer engagement reports (CERs) leaked on their data leak site. News of the Red Hat data breach broke last week when a hacking group known as the Crimson Collective claimed to have stolen nearly 570GB of compressed data across 28,000 internal development […]
Oracle patches EBS zero-day exploited in Clop data theft attacks
Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks. The flaw is within the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration) and has a CVSS base score of 9.8, […]
ShinyHunters launches Salesforce data leak site to extort 39 victims
An extortion group has launched a new data leak site to publicly extort dozens of companies impacted by a wave of Salesforce breaches, leaking samples of data stolen in the attacks. The threat actors responsible for these attacks claim to be part of the ShinyHunters, Scattered Spider, and Lapsus$ groups, collectively referring to themselves as “Scattered Lapsus$ […]
Automaker giant Stellantis confirms data breach after Salesforce hack
Automotive manufacturing giant Stellantis has confirmed that attackers stole some of its North American customers’ data after gaining access to a third-party service provider’s platform. Stellantis is a multinational corporation formed in 2021 after the merger of the PSA Group (Peugeot Société Anonyme) and Fiat Chrysler Automobiles (FCA). Stellantis is currently one of the largest […]