Salesforce

breaches 2026-05-05
ShinyHunters Hits Instructure Again: 3.65TB, 275M Canvas Users, May 6 Ransom Deadline
ShinyHunters claims 3.65TB stolen from Instructure's Canvas platform — 275M users across ~9,000 institutions. Second hit in eight months. Ransom timer expires tomorrow.
shinyhunters instructure canvas-lms edtech data-breach salesforce extortion
2026-05-03
The OAuth Pivot: How SaaS-to-SaaS Trust Became the 2026 Supply Chain Attack
Salesloft Drift industrialized it. UNC6040 weaponized vishing into it. Vercel and Context.ai proved it pivots through Google Workspace. The pattern is the same: a third-party SaaS gets popped, the attacker inherits its OAuth grants, and your password reset does absolutely nothing.
oauth saas-supply-chain salesforce google-workspace unc6040 shinyhunters vercel salesloft drift connected-app refresh-token opinion
breach 2026-04-19
ShinyHunters Dumps 3M Cisco Salesforce Records as UNC6040 Vishing Campaign Expands
ShinyHunters leaks 3M+ Cisco Salesforce CRM records tied to the UNC6040 vishing/OAuth-abuse campaign, exposing federal procurement data, AWS resource references, and GitHub repo names.
shinyhunters salesforce cisco vishing unc6040 oauth data-breach saas-supply-chain

ShinyHunters Hits Instructure Again: 3.65TB, 275M Canvas Users, May 6 Ransom Deadline