Find notable cyber news and cases, enriched with sources, timelines, and signals.

ShinyHunters and Scattered Spider launch ShinySp1d3r RaaS under Scattered LAPSUS$ Hunters brand

Threat Actor Meta
First reported
Last updated
Happening score
H score 18
2 unique sources, 2 articles

Summary

Hide ▲

ShinyHunters-linked actors are launching ShinySp1d3r, a new ransomware-as-a-service brand, shifting their extortion model toward running their own operation and affiliate ecosystem. That change matters because it reduces dependence on other gangs’ encryptors and signals a more organized, scalable extortion platform. The operation is being presented under the Scattered LAPSUS$ Hunters name and is tied to prior activity against Salesforce and Jaguar Land Rover (JLR).

Related Happenings

Phantom Mantis shifts The Gentlemen into an independent ransomware partnership program

Threat Actor Meta
H score24 First: 11.06.2026 19:50 Last: 11.06.2026 19:50 Sources 1

About this happening: **Phantom Mantis** moved **The Gentlemen** from dependence on other ransomware ecosystems into an **independent partnership program**, expanding its operational autonomy and affil...

ShinyHunters Oracle PeopleSoft data theft and extortion campaign

Campaign
H score60 First: 10.06.2026 21:31 Last: 10.06.2026 21:31 Sources 1

About this happening: **ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...

Latest development: 29.06.2026 23:40

Nissan says attackers exploited an Oracle PeopleSoft vulnerability in a ShinyHunters-linked campaign and that the company was specifically targeted, with personal information for current and former employees in the United States, Canada, Mexico, and Brazil potentially exposed. Nissan says the material may include employee contact information, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary information, and the company has activated incident response, engaged external cybersecurity experts, secured affected systems, and is working with Oracle.

Silent Ransom Group US law firm IT impersonation campaign

Campaign
H score36 First: 29.05.2026 16:00 Last: 29.05.2026 16:00 Sources 1

About this happening: **Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...

Red Menshen telecom espionage campaign

Campaign
H score33 First: 26.03.2026 19:40 Last: 26.03.2026 19:40 Sources 1

About this happening: A **China-nexus** **Red Menshen** operation has sustained **covert access** in **telecom networks** across the **Middle East and Asia**, increasing the risk of **government espion...

Google Ads tax-search ScreenConnect malvertising campaign

Campaign
H score32 First: 24.03.2026 19:05 Last: 24.03.2026 19:05 Sources 1

About this happening: A **malvertising campaign** active since **January 2026** is using **Google Ads** and tax-related search terms to push rogue **ConnectWise ScreenConnect** installers, creating a p...

Timeline

  1. 19.11.2025 15:01 2 articles · 7mo ago

    ShinySp1d3r ransomware-as-a-service surfaces publicly

    Initial Disclosure

    An in-development ShinySp1d3r ransomware-as-a-service build from ShinyHunters and Scattered Spider-linked actors is publicly surfaced as a preview of a new extortion operation. The build is presented as a custom ransomware service created from scratch, branded under the Scattered LAPSUS$ Hunters name, and intended to replace earlier reliance on other gangs' encryptors while enabling attacks by the group and its affiliates.

    Show sources