Pink is the latest goon squad to use fake helpdesk calls to steal creds
A familiar tactic popularized by chaotic crime crew Lapsus$
Coverage of incidents reported as linked to Lapsus, including attribution analysis, infrastructure, disruption efforts, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
Lapsus$ is a threat actor or intrusion set associated in public reporting with high-profile compromises, theft of corporate data and source code, and extortion through threats to disclose stolen information. Attribution can be difficult because the name may encompass activity by multiple individuals, so reporting should distinguish confirmed facts from claims made by the group or by investigators.
The material security concern is the exposure of identity and support processes: reported incidents have involved social engineering, compromised employee accounts, and access to cloud or development environments. Defenders should enforce phishing-resistant multifactor authentication where possible, tightly control help-desk account recovery, monitor unusual sign-ins and session use, and limit access to repositories and sensitive stores. If an intrusion is suspected, promptly preserve authentication and cloud logs, revoke sessions, rotate credentials and tokens, determine what data was accessed or removed, and assess privacy and notification obligations.
Weekly headline count for the current query.
A familiar tactic popularized by chaotic crime crew Lapsus$
A Single Developer Downloaded a Poisoned VS Code Extension, and Now LookGitHub warned late Tuesday that hackers stole roughly 3,800 internal repositories from the Microsoft-owned platform after a developer used a poisoned VS Code script, which is developed by Microsoft. TeamPCP and Lapsus$ appear to be cooperating to sell the stolen data for $95,000.
Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. [...]
Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump
Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on security-tool providers. The biz said data posted online appears to have come from one of its GitHub repositories after the Lapsus$ extortion crew claimed to have dumped the company’s source code, secrets, and other sensitive data.…
As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and creating a murky situation for enterprises.
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs
Crims 'creating a snowball effect' across open source projects RSAC 2026 Thousands of organizations' cloud environments have been infected with secret-stealing malware as a result of the Trivy supply-chain attack last week, and now the crims that compromised the open source scanners are working with notorious extortion crews like Lapsus$.…
Telegram posts promise up to $1,000 per call as gang refines IT helpdesk ruse Prolific cybercrime crew Scattered Lapsus$ Hunters (SLSH) is reportedly recruiting women in the hope of improving its social engineering success.…
The notorious cybercrime collective known as Scattered LAPSUS$ Hunters (SLH) has been observed offering financial incentives to recruit women to pull off social engineering attacks
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators… Read More »
Targeted Threat Intel Firm Shares Details With Police After Honeypot HitGetting owned by deception technology isn't good news for one's criminal brand or ability to remain at large. Just ask the band of young hackers behind "Scattered Lapsus$ Shiny Hunters," when one of their ilk fell into a security firm's honeytrap, revealing his actual IP address in the process.
Scattered Lapsus$ Hunters, also known as ShinyHunters, were drawn in using a realistic, yet mostly fake, dataset.
Subpoena issued to former ShinyHunters member Resecurity offered its "congratulations" to the Scattered Lapsus$ Hunters cybercrime crew for falling into its threat intel team's honeypot – resulting in a subpoena being issued for one of the data thieves. Meanwhile, the notorious extortionists have since removed their claims of gaining "full access" to the security shop's systems.…
Uncovered: Typosquatted Domains Linked to Suspected Ransomware Group CampaignContinuing its targeting of customer data, the cybercrime group Scattered Lapsus$ Hunters appears to be gearing up for large-scale attacks involving typosquatted domains that lead to phishing domains designed to steal Zendesk users' valid credentials, warn security researchers.
ReliaQuest finds fresh crop of phishing domains and toxic tickets Scattered Lapsus$ Hunters may be circling Zendesk users for its latest extortion campaign, with new phishing domains and weaponized helpdesk tickets uncovered by ReliaQuest.…
New phishing domains point to a campaign from the notorious Scattered Lapsus$ Hunters collective
A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for "Rey," the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, Rey confirmed his real life identity and agreed to an interview after KrebsOnSecurity tracked him down and contacted his father.
Cybercrime Group ShinyHunters Claims to Steal Data From 300 OrganizationsThe attack that targeted customer data management tool Gainsight resulted in the theft of information from approximately 300 Salesforce-using firms, the Scattered Lapsus$ Hunters subgroup ShinyHunters has claimed. Salesforce and Gainsight have shared more details as their investigation continues.
Carmaker Resumes Full ProductionThe September cyberattack on Jaguar Land Rover resulted in a company loss of roughly $260 million, the British carmaker reported Friday while also announcing a resumption of normal production. Cybercrime group "Scattered Lapsus$ Hunters" took responsibility for the hack.