#shinyhunters

#shinyhunters

Betterment, which offers automated investment and financial planning services, first disclosed the breach in January after detecting unauthorized access to certain internal systems on January 9. Betterment said the hacker gained entry through a social engineering scheme that relied on impersonation to infiltrate third-party marketing and operations tools, then used that access to send customers a fraudulent cryptocurrency promotion disguised as an official company message.

The ShinyHunters extortion group has claimed the theft of roughly 14 million records from Panera Bread, after compromising a Microsoft Entra single-sign-on (SSO) code. The attack falls in line with recent ShinyHunters attacks that rely on voice phishing (vishing) and SSO authentication to access victim organizations' cloud-based software-as-a-service (SaaS) environments. Last week, ShinyHunters published on its Tor-based leak site a 760GB archive allegedly containing the sensitive information stolen from Panera Bread.

The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. In these attacks, threat actors impersonate IT support and call employees, tricking them into entering their credentials and multi-factor authentication (MFA) codes on phishing sites that impersonate company login portals.

A data breach at SoundCloud that came to light in December 2025 is now becoming clearer. The data breach monitor Have I Been Pwned added the leaked dataset to its database this week, revealing the true extent of the impact. SoundCloud is a global audio platform where artists and listeners come together and where hundreds of millions of music and audio tracks are hosted.

Waltio, a French crypto tax platform, is under siege from ShinyHunters, a notorious ransomware group claiming to hold the personal data of nearly 50,000 users.

Ransomware hacks, data theft, crypto scams and sextortion cover a broad range of cybercrimes carried out by an equally varied list of assailants. But there is also an English-speaking criminal ecosystem carrying out these activities that defies conventional categorisation. Nonetheless, it does have a name: the Com. Short for community, the Com is a loose affiliation of cyber-criminals, largely native English language speakers typically aged from 16 to 25.

During the conference, Branco: argued that those arrested were young autistic people who were very technically talented and could be of great benefit to their country, but instead they had been arrested and could be going away for 20 years. claimed that Kering and LVMH, two victims of attacks, had pressured the French government to make arrests. claimed that French law enforcement was taking orders/direction from the FBI.

The incident involved unauthorized access to a limited set of data from a Google business Salesforce instance including company names, phone numbers, and internal notes.