Security news aggregator

Latest coverage for LAPSUS$

Coverage of incidents reportedly linked to LAPSUS$, with analysis of infrastructure and disruption, security impact, and defensive guidance.

6 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

LAPSUS$ is a name used in public reporting for an intrusion set associated with several high-profile compromises, particularly during 2021–2022. Investigations and victim disclosures linked the activity to social engineering, stolen credentials, account takeover—including reported abuse of help-desk or telecom recovery processes—and theft or attempted extortion of data and source code. Attribution, membership, and the relationship between individual incidents remain subject to change, so reports should be assessed for the evidence supporting each linkage.

Its security significance is the demonstrated exposure of identity and support workflows rather than reliance on a single malware family. Defenders should prioritize phishing-resistant multifactor authentication for privileged users, tightly control password resets and number-porting requests, limit administrator access, and monitor unusual identity-provider, cloud, and repository activity. After a suspected compromise, revoke sessions and tokens, rotate credentials and exposed secrets, preserve authentication and support-desk logs, and determine what data or code was accessed. These steps also help distinguish confirmed intrusion facts from claims made during extortion or incomplete early reporting.

Showing 6 most recent headlines Filtered view

Also: Continued Turmoil at CISA, MSSP Level Blue's Acquisition of CybereasonIn this week's panel, four ISMG editors discussed the FBI's takedown of Scattered Lapsus$ Hunters, turmoil inside CISA amid the U.S. federal government shutdown and how LevelBlue's acquisition of Cybereason signals big shifts in the XDR and MDR markets.

Chaos Theory and Ransomware's Love Child Serves Up Nonstop UnpredictabilityAll is not quiet on the ransomware front. Long the province of Russian criminals, numerous ransomware campaigns now trace to reckless Western teenagers operating under the banner of Scattered Lapsus$ Hunters who wield not just technical and trickster chops, but also a chaos and unpredictability.

Chaos Theory and Ransomware's Love Child Serves Up Nonstop UnpredictabilityAll is not quiet on the ransomware front. Long the province of Russian criminals, numerous ransomware campaigns now trace to reckless Western teenagers operating under the banner of Scattered Lapsus$ Spider who wield not just technical and trickster chops, but also a chaos and unpredictability.

Criminals Claim Leak of Customer Data From Six Victims, Including Qantas AirlinesA ransomware group that's been extorting Salesforce customers leaked some stolen data, following the FBI disrupting its shakedown sites. ShinyHunters, part of the rebranded Scattered Lapsus$ Hunters group, after leaking data from six victims, declared its Salesforce customer shakedown over.