ShinyHunters
Meet ShinySp1d3r: New Ransomware-as-a-Service created by ShinyHunters
An in-development build of the upcoming ShinySp1d3r ransomware-as-a-service platform has surfaced, offering a preview of the extortion operation. ShinySp1d3r is the name of an emerging RaaS created by threat actors associated with the ShinyHunters and Scattered Spider extortion groups. These threat actors have traditionally used other ransomware gangs’ encryptors in attacks, including ALPHV/BlackCat, Qilin, RansomHub, and DragonForce, but […]
Checkout.com snubs hackers after data breach, to donate ransom instead
UK financial technology company Checkout announced that the ShinyHunters threat group has breached one of its legacy cloud storage systems and is now extorting the company for a ransom. The company says that although the stolen data affects a significant portion of its merchant base, it will not pay a ransom and will instead invest […]
Salesforce refuses to pay ransom over widespread data theft attacks
Salesforce has confirmed that it will not negotiate with or pay a ransom to the threat actors behind a massive wave of data theft attacks that impacted the company’s customers this year. As first reported by Bloomberg, Salesforce emailed customers on Tuesday to say they would not be paying a ransom and warned that “credible threat […]
Red Hat data breach escalates as ShinyHunters joins extortion
Enterprise software giant Red Hat is now being extorted by the ShinyHunters gang, with samples of stolen customer engagement reports (CERs) leaked on their data leak site. News of the Red Hat data breach broke last week when a hacking group known as the Crimson Collective claimed to have stolen nearly 570GB of compressed data across 28,000 internal development […]
Oracle patches EBS zero-day exploited in Clop data theft attacks
Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to perform unauthenticated remote code execution, with the flaw actively exploited in Clop data theft attacks. The flaw is within the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration) and has a CVSS base score of 9.8, […]
ShinyHunters launches Salesforce data leak site to extort 39 victims
An extortion group has launched a new data leak site to publicly extort dozens of companies impacted by a wave of Salesforce breaches, leaking samples of data stolen in the attacks. The threat actors responsible for these attacks claim to be part of the ShinyHunters, Scattered Spider, and Lapsus$ groups, collectively referring to themselves as “Scattered Lapsus$ […]
Automaker giant Stellantis confirms data breach after Salesforce hack
Automotive manufacturing giant Stellantis has confirmed that attackers stole some of its North American customers’ data after gaining access to a third-party service provider’s platform. Stellantis is a multinational corporation formed in 2021 after the merger of the PSA Group (Peugeot Société Anonyme) and Fiat Chrysler Automobiles (FCA). Stellantis is currently one of the largest […]
ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks
The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. For the past year, the threat actors have been targeting Salesforce customers in data theft attacks using social engineering and malicious OAuth applications to breach Salesforce instances and download data. The stolen data is then used […]
Google confirms fraudulent account created in law enforcement portal
Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses to submit official data requests to the company. “We have identified that a fraudulent account was created in our system for law enforcement requests and have disabled the account,” Google told GeekFeed. “No requests […]
FBI warns of UNC6040, UNC6395 hackers stealing Salesforce data
The FBI has issued a FLASH alert warning that two threat clusters, tracked as UNC6040 and UNC6395, are compromising organizations’ Salesforce environments to steal data and extort victims. “The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate Indicators of Compromise (IOCs) associated with recent malicious cyber activities by cyber criminal groups UNC6040 […]