Security news aggregator

Latest coverage for Lapsus

Coverage of incidents reported as linked to Lapsus, including attribution analysis, infrastructure, disruption efforts, and defensive guidance.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Lapsus$ is a threat actor or intrusion set associated in public reporting with high-profile compromises, theft of corporate data and source code, and extortion through threats to disclose stolen information. Attribution can be difficult because the name may encompass activity by multiple individuals, so reporting should distinguish confirmed facts from claims made by the group or by investigators.

The material security concern is the exposure of identity and support processes: reported incidents have involved social engineering, compromised employee accounts, and access to cloud or development environments. Defenders should enforce phishing-resistant multifactor authentication where possible, tightly control help-desk account recovery, monitor unusual sign-ins and session use, and limit access to repositories and sensitive stores. If an intrusion is suspected, promptly preserve authentication and cloud logs, revoke sessions, rotate credentials and tokens, determine what data was accessed or removed, and assess privacy and notification obligations.

Showing 3 most recent headlines Filtered view
Bank Info Security 6 months, 1 week ago

Deception Tech Snares Shiny Hunter Attacker's IP Address

Targeted Threat Intel Firm Shares Details With Police After Honeypot HitGetting owned by deception technology isn't good news for one's criminal brand or ability to remain at large. Just ask the band of young hackers behind "Scattered Lapsus$ Shiny Hunters," when one of their ilk fell into a security firm's honeytrap, revealing his actual IP address in the process.

Subpoena issued to former ShinyHunters member Resecurity offered its "congratulations" to the Scattered Lapsus$ Hunters cybercrime crew for falling into its threat intel team's honeypot – resulting in a subpoena being issued for one of the data thieves. Meanwhile, the notorious extortionists have since removed their claims of gaining "full access" to the security shop's systems.…