#Canvas login portals for 15,000 institutions, including top universities like Harvard and Oxford, has exfiltrated 3.65 terabytes of student and faculty data in their boldest attempt at monetizing stolen data since announcing itself as #ShinyHunters in 2020.

This massive black hat #BigEdu data security attack runs alongside concurrent supply chain grift attacks on corporate players like #Vimeo #WynnResorts #Snowflake and #Zara, exposing critical flaws in #EdTech & #Corporate #InfoSec, particularly protocol for third-party vendor trust.

The nefarious #ShinyHunters cabal has infiltrated over 400+ organizations in #SAAS & #DRM data breaches including #Google #Salesforce #Workday, #Crunchbase, #Gucci, #Coinbase, and #Qantas airlines, not to mention so-called "Security" professionals such as #CrowdStrike and #ADT.

https://www.pcmag.com/news/video-platform-vimeo-hacked-by-shinyhunters-gang

https://www.docontrol.io/blog/shinyhunters

https://www.securityweek.com/wynn-resorts-says-21000-employees-affected-by-shinyhunters-hack/

https://www.reco.ai/blog/shinyhunters-data-breach-vs-saas-why-dynamic-security-matters

Donuts and Beagles: Fake Claude site spreads backdoor

A fraudulent website impersonating Anthropic's Claude AI platform has been distributing a previously undocumented backdoor called Beagle through malvertising campaigns. The attack begins when victims download a fictitious tool named Claude-Pro Relay from claude-pro[.]com, delivered as a 505 MB ZIP archive. The infection chain utilizes DLL sideloading, exploiting a signed G DATA antivirus updater to load malicious code. The technique mirrors PlugX delivery methods but deploys different payloads. Beagle supports eight commands including shell execution, file transfer, and directory listing, communicating with C2 servers using AES encryption. Related samples dating to February 2026 have been identified, with some variants delivering AdaptixC2 framework. Additional domains impersonated security vendors like Trellix, CrowdStrike, and SentinelOne. The infrastructure spans Cloudflare for distribution and Alibaba Cloud for command and control.

Pulse ID: 69fcc63f1dce161fc2f8380c
Pulse Link: https://otx.alienvault.com/pulse/69fcc63f1dce161fc2f8380c
Pulse Author: AlienVault
Created: 2026-05-07 17:05:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Cloud #CrowdStrike #CyberSecurity #Encryption #InfoSec #Malvertising #OTX #OpenThreatExchange #PlugX #SentinelOne #SideLoading #Trellix #ZIP #bot #AlienVault


CrowdStrike strengthens its global alliance to mitigate risks in generative AI:

• Focus on vulnerability detection
• Protection of critical infrastructure
• Standardization of technology security protocols

Collaborative innovation for a secure digital future. 🛡️💻

#CyberSecurity #GenerativeAI #CrowdStrike

⚠️ CrowdStrike says Cordial Spider and Snarky Spider are speeding through Scattered Spider’s playbook

#CrowdStrike says the two Com-linked crews have targeted US organizations across academia, aviation and tech since at least Oct 2025, using vishing, fake SSO pages, MFA takeover and SaaS data theft.

Cybercrime Groups Exploit Vishing, SSO Abuse in SaaS Extortion Spree

Cybercrime groups are launching lightning-fast extortion attacks within trusted SaaS environments, exploiting vishing and SSO abuse to evade detection and strike with precision. By hiding in plain sight, they're creating significant challenges for defenders trying to keep up.

https://osintsights.com/cybercrime-groups-exploit-vishing-sso-abuse-in-saas-extortion-spree?utm_source=mastodon&utm_medium=social

#SaasExtortion #Vishing #SsoAbuse #CloudEconomy #Crowdstrike


CrowdStrike makes a mistake, Windows Servers BSOD and fail to boot, Linux users observe...

https://watch.linuxrenaissance.com/w/xA4U2CE28qcQPYA4KFjRyM

Critical bug in CrowdStrike LogScale let attackers access files

CrowdStrike fixed CVE-2026-40050 in LogScale self-hosted, a critical flaw allowing unauthenticated file access via path traversal.

Security Affairs

I'm so tired of endpoint agents that are supposed to provide visibility on what's happening, but that cannot monitor their own dumb behaviour.
Does #crowdstrike Falcon need to read /bin/sleep 100 times a second? No... It does not.

🛡️ CrowdStrike LogScale CRITICAL vuln (CVE-2026-40050): unauth path traversal — remote file read risk for self-hosted users. Tenable Nessus for Windows: HIGH vuln (CVE-2026-33694), file deletion & privilege escalation. Patch ASAP! https://radar.offseq.com/threat/vulnerabilities-patched-in-crowdstrike-tenable-pro-da7dee84 #OffSeq #Vuln #CrowdStrike #Tenable

Mythos, a powerful new AI model, signals a turning point in cybersecurity, where advanced AI tools may democratize powerful hacking capabilities faster than governments and companies can respond. https://www.japantimes.co.jp/commentary/2026/04/23/japan/ai-disruption-destroys-deterrence/?utm_medium=Social&utm_source=mastodon #commentary #japan #anthropic #ai #artificialintelligence #anthropic #claude #mythos #terminator #firefox #crowdstrike #openai #gpt53codex #cybersecurity

New AI tool reshapes the cybersecurity landscape

There appears to be consensus that Mythos represents a 'step change' in capability and is a taste of the new digital world that we now inhabit.

The Japan Times