Topic: extortion campaigns
-
FBI Shuts Down BreachForums in Salesforce Extortion Case
Federal authorities, in a joint U.S.-French operation, seized the BreachForums domain used by the ShinyHunters collective to extort businesses affected by Salesforce data theft, redirecting it to FBI-controlled infrastructure. The ShinyHunters group confirmed that law enforcement gained control o...
Read More » -
Clop Hackers Stole Data Using Oracle Zero-Day Since August
The Clop ransomware group exploited a critical zero-day vulnerability (CVE-2025-61882) in Oracle's E-Business Suite, enabling remote code execution and leading to widespread data theft and extortion attempts. Security researchers and analysts confirmed the vulnerability allows unauthenticated att...
Read More » -
Hackers Stole Data From 200 Companies in Google-Linked Breach
A major supply chain attack compromised data from over 200 organizations, with Google confirming theft from Salesforce instances through Gainsight applications, highlighting risks in interconnected digital ecosystems. The hacking group Scattered Lapsus$ Hunters claimed responsibility, targeting c...
Read More » -
Oracle Quietly Patches Critical Zero-Day Exposed by Hackers
Oracle urgently patched a critical pre-authentication SSRF vulnerability (CVE-2025-61884) in its E-Business Suite after the ShinyHunters group leaked a working exploit, enabling unauthorized access without login credentials. Two separate threat actors, Clop and ShinyHunters, exploited distinct Or...
Read More » -
Zscaler Breach: Customer Data Exposed via Third-Party Hack
A security breach at Zscaler exposed customer data via a compromised third-party AI chat agent, Salesloft Drift, which allowed attackers to access sensitive records in the company's Salesforce environment. The compromised information includes names, email addresses, job titles, phone numbers, reg...
Read More »