Find notable cyber news and cases, enriched with sources, timelines, and signals.

Scattered Lapsus$ Hunters signal extortion-as-a-service shift and possible new ransomware testing

Threat Actor Meta
First reported
Last updated
Happening score
H score 30
1 unique sources, 1 articles

Summary

Hide ▲

Scattered Lapsus$ Hunters are signaling a move toward extortion-as-a-service (EaaS), a shift that could widen their reach while reducing direct attribution pressure. Observations from early October 2025 also point to testing of a possible ransomware build, SHINYSP1D3R, adding uncertainty about whether the group is expanding beyond pure extortion. The change matters because it could help the actors fly under the radar of law enforcement and reshape the wider The Com criminal ecosystem.

Related Happenings

ShinyHunters Oracle PeopleSoft data theft and extortion campaign

Campaign
H score60 First: 10.06.2026 21:31 Last: 10.06.2026 21:31 Sources 1

About this happening: **ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...

Latest development: 29.06.2026 23:40

Nissan says attackers exploited an Oracle PeopleSoft vulnerability in a ShinyHunters-linked campaign and that the company was specifically targeted, with personal information for current and former employees in the United States, Canada, Mexico, and Brazil potentially exposed. Nissan says the material may include employee contact information, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary information, and the company has activated incident response, engaged external cybersecurity experts, secured affected systems, and is working with Oracle.

Silent Ransom Group US law firm IT impersonation campaign

Campaign
H score36 First: 29.05.2026 16:00 Last: 29.05.2026 16:00 Sources 1

About this happening: **Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...

Charter Communications hit by network compromise linked to ShinyHunters

Incident
H score70 First: 26.05.2026 22:46 Last: 26.05.2026 22:46 Sources 1

About this happening: **Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...

Latest development: 29.05.2026 11:29

Have I Been Pwned analyzed leaked Charter Communications data and confirmed that the incident affected 4.9 million accounts, with exposed records including names, email addresses, job titles, phone numbers, and physical addresses. The published data also included a subset of about 85,000 records from an internal employee directory.

Ransomware ecosystem fragments into smaller agile cells in 2025

Threat Actor Meta
H score48 First: 18.02.2026 13:30 Last: 18.02.2026 13:30 Sources 1

About this happening: **Ransomware** activity in **2025** is becoming more fragmented and harder to track, with **124 groups** and **73 new groups** signaling a more crowded threat market. The shift ma...

ShinyHunters data-leak site exposing stolen attack data

Data Leak
H score71 First: 31.01.2026 17:02 Last: 31.01.2026 17:02 Sources 1

About this happening: The **ShinyHunters** extortion gang is publishing stolen data on a **data-leak site** tied to its broader **Oracle PeopleSoft** theft campaign. New reporting adds the **University...

Timeline

  1. 22.10.2025 11:30 2 articles · 8mo ago

    Scattered Lapsus$ Hunters discuss EaaS and test SHINYSP1D3R

    Technical Analysis Update

    Telegram posts made on October 4, 2025 show Scattered Lapsus$ Hunters discussing an extortion-as-a-service (EaaS) program and testing a new ransomware variant believed to be dubbed SHINYSP1D3R.

    Show sources
  2. 22.10.2025 11:30 1 articles · 8mo ago

    Scattered Lapsus$ Hunters set an October 10 ransom deadline and leak data

    Victim Impact Update

    Scattered Lapsus$ Hunters set 11:59 PM ET on October 10, 2025 as the ransom payment deadline, and data linked to at least six companies was released.

    Show sources
  3. 22.10.2025 11:30 1 articles · 8mo ago

    Scattered Lapsus$ Hunters say nothing else will be leaked

    Victim Impact Update

    On October 11, 2025, after the deadline passed and the six-organization data release had already occurred, Scattered Lapsus$ Hunters said "nothing else will be leaked".

    Show sources