Pink is the latest goon squad to use fake helpdesk calls to steal creds
A familiar tactic popularized by chaotic crime crew Lapsus$
Coverage of incidents reported as linked to Lapsus, including attribution analysis, infrastructure, disruption efforts, and defensive guidance.
Search across headline titles and summaries.
Background for this topic.
Lapsus$ is a threat actor or intrusion set associated in public reporting with high-profile compromises, theft of corporate data and source code, and extortion through threats to disclose stolen information. Attribution can be difficult because the name may encompass activity by multiple individuals, so reporting should distinguish confirmed facts from claims made by the group or by investigators.
The material security concern is the exposure of identity and support processes: reported incidents have involved social engineering, compromised employee accounts, and access to cloud or development environments. Defenders should enforce phishing-resistant multifactor authentication where possible, tightly control help-desk account recovery, monitor unusual sign-ins and session use, and limit access to repositories and sensitive stores. If an intrusion is suspected, promptly preserve authentication and cloud logs, revoke sessions, rotate credentials and tokens, determine what data was accessed or removed, and assess privacy and notification obligations.
Weekly headline count for the current query.
A familiar tactic popularized by chaotic crime crew Lapsus$
Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump
Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump Software security testing outfit Checkmarx has become the latest organization caught up in an ongoing attack on security-tool providers. The biz said data posted online appears to have come from one of its GitHub repositories after the Lapsus$ extortion crew claimed to have dumped the company’s source code, secrets, and other sensitive data.…
Crims 'creating a snowball effect' across open source projects RSAC 2026 Thousands of organizations' cloud environments have been infected with secret-stealing malware as a result of the Trivy supply-chain attack last week, and now the crims that compromised the open source scanners are working with notorious extortion crews like Lapsus$.…
Telegram posts promise up to $1,000 per call as gang refines IT helpdesk ruse Prolific cybercrime crew Scattered Lapsus$ Hunters (SLSH) is reportedly recruiting women in the hope of improving its social engineering success.…
Subpoena issued to former ShinyHunters member Resecurity offered its "congratulations" to the Scattered Lapsus$ Hunters cybercrime crew for falling into its threat intel team's honeypot – resulting in a subpoena being issued for one of the data thieves. Meanwhile, the notorious extortionists have since removed their claims of gaining "full access" to the security shop's systems.…
ReliaQuest finds fresh crop of phishing domains and toxic tickets Scattered Lapsus$ Hunters may be circling Zendesk users for its latest extortion campaign, with new phishing domains and weaponized helpdesk tickets uncovered by ReliaQuest.…
'We will never stop,' say crooks, despite retiring twice in the space of a month The Scattered Lapsus$ Hunters (SLSH) cybercrime collective - compriseed primarily of teenagers and twenty-somethings - announced it will go dark until 2026 following the FBI's seizure of its clearweb site.…
US and French fuzz pull the plug on Scattered Lapsus$ Hunters' latest leak shop targeting Salesforce US authorities have seized the latest incarnation of BreachForums, the cybercriminal bazaar recently reborn under the stewardship of the so-called Scattered Lapsus$ Hunters, with help from French cyber cops and the Paris prosecutor's office.…
Crime group claims to have already doled out $1K to those in it 'for money and for the love of the game' Scattered Lapsus$ Hunters has launched an unusual crowdsourced extortion scheme, offering $10 in Bitcoin to anyone willing to help pressure their alleged victims into paying ransoms.…
PLUS: China's Great Firewall springs a leak; FBI issues rare 'Flash Alert' of Salesforce attacks; $10m bounty for alleged Russian hacker; and more Infosec In Brief 15 ransomware gangs, including Scattered Spider and Lapsus$, have announced that they are going dark, and say no more attacks will be carried out in their name.…
Scattered Spider, ShinyHunters, and Lapsus$ spent the weekend bragging to each other on a Telegram channel Prolific cybercrime collectives Scattered Spider, ShinyHunters, and Lapsus$ appear to have come together in a new Telegram channel that shares news of their exploits.…
Arion Kurtaj will remain hospitalized until a mental health tribunal says he can leave Two British teens who were members of the Lapsus$ gang have been sentenced for their roles in a cyber-crime spree that included compromising Uber, Nvidia, and fintech firm Revolut, and also blackmailing Grand Theft Auto maker Rockstar Games.…
From BT and Nvidia to Grand Theft Auto 6, pair were on a total tear Two teenage members of the chaotic Lapsus$ cyber-crime gang helped compromise computer systems of Uber and Nvidia, and also blackmailed Grand Theft Auto maker Rockstar Games among other high-profile victims, a jury has decided.…
'Does have a somewhat Lapsus$ish feel' we're told The Medusa ransomware gang has posted what it claims is a massive leak of internal Microsoft materials, including Bing and Cortana source code.…
Voice-phished their way in, but Switchzilla claims no damage done Cisco disclosed on Wednesday that its corporate network was accessed by cyber-criminals in May after an employee's personal Google account was compromised – an act a ransomware gang named "Yanluowang" has now claimed as its work.…
Once former supplier Sitel coughed up its logs, it became apparent the attacker was hemmed in Okta has completed its analysis of the March 2022 incident that saw The Lapsus$ extortion crew get a glimpse at some customer information, and concluded that its implementation of zero trust techniques foiled the attack – and that its (former) outsourced customer service provider Sitel was largely to blame for the confusion surrounding the incident.…
Two teenagers arrested as part of police probe into extortion group British police have charged two teenagers as part of an international investigation into the Lapsus$ cyber extortion gang.…
Meanwhile, Okta squirms as further details of slow hack response emerge Extortion gang Lapsus$ may to be back at work, despite the arrest of seven alleged operatives.…
Changes story again to say customers weren't in danger, admits it waited for incident report instead of asking tough questions Identity-management-as-a-service outfit Okta has acknowledged that it made an important mistake in its handling of the attack on a supplier by extortion gang Lapsus$.…