Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Search Results for: lapsus

Salesforce refuses to pay ransom for Scattered Lapsus Hunters attacks

Salesforce representatives have announced that they have no intention of negotiating or paying a ransom to the attackers responsible for a series of large-scale attacks that resulted in the theft of the company’s customer data. Hackers are currently attempting to blackmail 39 companies whose data was stolen from Salesforce. Last week, Scattered Lapsus$ Hunters (a combination of members of the Scattered Spider, LAPSUS$, and Shiny Hunters hacker groups) launched their own Data Leak Site (DLS) listing 39 organizations affected by Salesforce-related data breaches. Each post contains examples of data stolen from Salesforce accounts and warns affected companies to contact the hackers by

Scattered Lapsus$ Hunters: “We’re paying those who bombard corporate executives with emails.”

Renewing their strategy, the Scattered Lapsus$ Hunters group has returned to the forefront with a new and surprising tactic to put pressure on victims. Cybercriminals have promised a $10 cryptocurrency reward to anyone willing to participate in a mass email bombardment targeting company executives who were victims of a ransomware attack. The aim of the individuals involved was to persuade the managers to collaborate with the extortionists, that is, to pay the demanded ransom. On its Telegram channel, the group distributed detailed instructions with a list of recipients, including executives from 39 companies whose data had allegedly been compromised. They emphasized

Scattered LAPSUS$ Hunters Group Returns and Threatens to Release Salesforce Data

A group calling itself Scattered LAPSUS$ Hunters has resurfaced after months of silence and the arrest of its members. On a new leak site, the attackers published a list of approximately 40 Salesforce corporate environments and demanded a payment of nearly $1 billion—$989.45 million—in exchange for non-disclosure of the data, which, according to the extortionists, includes approximately one billion customer records. They have set an ultimatum of October 10: if Salesforce fails to negotiate, the criminals threaten to publish everything they have stolen. A Salesforce representative told The Register that the company was aware of the extortion attempts and had conducted an

Hacker Scattered LAPSUS$ Hunters: Unauthorized Access to Google LERS

Google executives said that hackers created a fake account on the Law Enforcement Request System (LERS), the company’s platform used by law enforcement agencies to submit official data requests. Late last week, members of the hacker groups Scattered Spider, LAPSUS$, and Shiny Hunters (who claim to have merged and are now calling themselves Scattered LAPSUS$ Hunters) announced on Telegram that they had gained access to both the Google LERS portal and the FBI’s eCheck background check system. LERS and eCheck are used by law enforcement and intelligence agencies around the world to transmit subpoenas and orders, as well as urgent information disclosure

Oracle E-Business Suite Zero-Day Attack: Clop Exploits CVE-2025-61882

Last week, Oracle warned customers of a critical zero-day vulnerability in its E-Business Suite (CVE-2025-61882), which allows remote execution of arbitrary code without authentication. It has now been revealed that the Clop hacker group has been actively exploiting this vulnerability for cyberattacks since August 2025.

0-day under attack: the state of the art

The vulnerability was discovered in the Oracle Concurrent Processing component of Oracle E-Business Suite (BI Publisher integration module) and received a CVSS score of 9.8. This high score is due to the lack of authentication and ease of exploitation. Oracle representatives announced that the zero-day vulnerability affects Oracle E-Business

Ransomware Groups Join Forces: LockBit, DragonForce, and Qilin

Three major ransomware groups, DragonForce, Qilin, and LockBit, have announced an alliance. This is essentially an attempt to coordinate the activities of several major ransomware-as-a-service (RaaS) operators; analysts warn that such consolidation could increase the reach and effectiveness of attacks. DragonForce has initiated the merger. In early September, almost simultaneously with the release of LockBit 5.0, DragonForce representatives publicly proposed to their “colleagues” that they end their internal squabbles and agree on “market rules”: a level playing field, a stop to public insults, and mutual support. LockBit responded positively, and DragonForce subsequently officially announced the alliance between the three gangs, inviting other

Oracle E-Business Suite 9.8 Vulnerability: Urgent Updates Needed

Oracle has published a security advisory regarding a critical vulnerability identified as CVE-2025-61882 in the Oracle E-Business Suite. The flaw can be exploited remotely without authentication, potentially allowing malicious code to be executed on affected systems. The company recommends that its customers immediately apply the updates outlined in the advisory. Oracle emphasizes the importance of maintaining actively supported product versions and installing all critical security patches promptly. In particular, updating critical patches released in October 2023 is a prerequisite for implementing new fixes. To support immediate detection and containment of potential attacks, the alert includes a risk matrix with indicators

Cryptocurrencies, ransomware, and hamburgers: the fatal combo for Scattered Spider

The U.S. Department of Justice and British police have charged Talha Jubair, 19, a resident of East London, who investigators believe is a key member of Scattered Spider, a group responsible for a series of extortion attacks targeting major businesses and government agencies. According to the file, from May 2022 to September of this year, attackers carried out at least 120 intrusions, affecting 47 organizations in the United States, and the total amount of payments exceeded $115 million. A parallel case in London involves an attack on Transport for London in August 2024, in which 18-year-old Owen Flowers was involved along

A manifesto after 72 hours! Will cybercriminals really retreat?

Fifteen of the most notorious cybercriminal groups, including Scattered Spider, ShinyHunters, and Lapsus$, have announced their closure. Their collective statement, published on BreachForums, is the most explicit message from the underground in recent years. The group emphasized that their goal was less extortion than to demonstrate the weaknesses of digital systems. Now, however, they have declared that they prefer “silence” to public attacks. The document, published under several pseudonyms of well-known hackers, claims that the decision was made after three days of silence, spent by the participants with their families and reviewing their plans in the event of persecution. They said they

RHC interviews ShinyHunters: “Systems can be repaired, but people remain vulnerable!”

ShinyHunters is a group of threat actors that gained notoriety after the massive data breach against Salesforce, an incident that led Google to closely monitor them and assign them the code name UNC6240. The Salesforce breach would allow attackers to gain easy access to a large number of companies in a wide range of industries. In recent days, many companies have shared official statements about the breaches they have suffered, but many others have not yet made any public statements. The group recently gained notoriety after a massive data breach targeting Salesforce, an incident that prompted Google to closely monitor them and