If there were a soundtrack for this post, it would be Queen’s “Another One Bites the Dust.” There’s another chapter in the ongoing drama that is “BreachForums.” Yesterday,  the BreachForums clone at breached[.hn]  was listed for sale for $3k USD. By today, they had dropped the price to $ 1,500 USD and still couldn’t seem...

Source

From Mandiant and Google Threat Intelligence Group, an advisory: Mandiant and Google Threat Intelligence Group (GTIG) have identified an active compromise and extortion campaign attributed to UNC6240 (ShinyHunters) targeting Oracle PeopleSoft application infrastructure. The activity was observed between May 27, 2026, and June 9, 2026 and is consistent with the exploitation of CVE-2026-35273, a critical remote...

Source

When Instructure did not contact ShinyHunters to negotiate any payment after ShinyHunters attacked them for a second time in April,  the threat actors threatened to leak every school’s data, and posted a notice telling schools how to contact them directly to avoid having their data leaked. When Instructure still didn’t contact them after that escalation, ...

Source