The Threat Codex
ITSEC NewsShinyHunters Wage Broad Corporate Extortion Spree - A cybercriminal group that used voice phishing attacks to siphon more than a billion reco... https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/ #scatteredlapsus$hunters #oraclee-businesssuite #crimsoncollective #neer-do-wellnews #alittlesunshine #charlescarmakal #latestwarnings #thecomingstorm #cve-2025-61882 #austinlarsen #shinyhunters #ransomware #salesforce #salesloft #asyncrat #unc6040 #unc6395
KrebsOnSecurity RSSShinyHunters Wage Broad Corporate Extortion Spree
https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/
#ScatteredLAPSUS$Hunters #OracleE-BusinessSuite #Ne'er-Do-WellNews #CharlesCarmichael #CrimsonCollective #ALittleSunshine #LatestWarnings #TheComingStorm #CVE-2025-61882 #AustinLarsen #ShinyHunters #Ransomware #Salesforce #Salesloft #ASYNCRAT #UNC6040 #UNC6395
Marcel SIneM(S)USHacker behaupten: "Wir haben 1,5 Milliarden #Salesforce-Datensätze" - inside-it[.]ch https://www.inside-it.ch/hacker-behaupten-wir-haben-1%252C5-milliarden-salesforce-datensaetze-20250919 #Shinyhunters #SocialEngineering #ScatteredSpiders #UNC6040 #UNC6395 #Hacking #Datenschutz #privacy #DataLeak #Datenleck
Dissent Doe 
"The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens.
[...]
In March, one of the threat actors breached Salesloft's GitHub repository, which contained the private source code for the company.
ShinyHunters told BleepingComputer that the threat actors used the TruffleHog security tool to scan the source code for secrets, which resulted in the finding of OAuth tokens for the Salesloft Drift and the Drift Email platforms."
Read more of Lawrence Abrams' great reporting on Bleeping Computer:
https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/
#Salesforce #Salesloft #Oauth #Drift #databreach #ransom #ShinyyHunters #ScatteredSpider #LAPSUS$ #UNC6040 #UNC6395
Cyber Criminal Groups UNC6040 and UNC6395 Compromising Salesforce Instances for Data Theft and Extortion
#UNC6040 #UNC6395
https://www.ic3.gov/CSA/2025/250912.pdf
#UNC6040 #UNC6395
https://www.ic3.gov/CSA/2025/250912.pdf
Steve Dustcircle 🌹
securityaffairs#FBI warns of Salesforce attacks by #UNC6040 and #UNC6395 groups
https://securityaffairs.com/182159/cyber-crime/fbi-warns-of-salesforce-attacks-by-unc6040-and-unc6395-groups.html
#securityaffairs #hacking
https://securityaffairs.com/182159/cyber-crime/fbi-warns-of-salesforce-attacks-by-unc6040-and-unc6395-groups.html
#securityaffairs #hacking
Security LandIn 2025, UNC6395 struck Salesloft’s Drift, exposing Salesforce data and Google Workspace emails. From malicious IPs to SOQL queries, learn how this stealth attack unfolded and get Mandiant-backed strategies to lock down your integrations. Protect your business—read the full story now.
#SecurityLand #BreachBreakdown #Cybersecurity #Salesforce #SalesloftDrift #DataBreach #CyberAttack #UNC6395 #Mandiant
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/
#GoogleThreatIntelligenceGroup #ALittleSunshine #CharlesCarmakal #ScatteredSpider #LatestWarnings #TheComingStorm #SalesloftDrift #DataBreaches #AustinLarsen #JoshuaWright #ShinyHunters #CounterHack #Salesforce #AlanLiska #Mandiant #UNC6040 #UNC6395 #google