Shinyhunters

breaches 2026-05-05
ShinyHunters Hits Instructure Again: 3.65TB, 275M Canvas Users, May 6 Ransom Deadline
ShinyHunters claims 3.65TB stolen from Instructure's Canvas platform — 275M users across ~9,000 institutions. Second hit in eight months. Ransom timer expires tomorrow.
shinyhunters instructure canvas-lms edtech data-breach salesforce extortion
2026-05-03
The OAuth Pivot: How SaaS-to-SaaS Trust Became the 2026 Supply Chain Attack
Salesloft Drift industrialized it. UNC6040 weaponized vishing into it. Vercel and Context.ai proved it pivots through Google Workspace. The pattern is the same: a third-party SaaS gets popped, the attacker inherits its OAuth grants, and your password reset does absolutely nothing.
oauth saas-supply-chain salesforce google-workspace unc6040 shinyhunters vercel salesloft drift connected-app refresh-token opinion
supply-chain 2026-04-20
Vercel Breach: Context.ai OAuth Pivot Exposes Customer Environment Variables
A Lumma Stealer infection at Context.ai gave attackers an OAuth path into a Vercel employee's Google Workspace, then into customer environment variables. ShinyHunters is now selling the data for $2M.
supply-chain oauth vercel context-ai shinyhunters saas google-workspace
breach 2026-04-19
ShinyHunters Dumps 3M Cisco Salesforce Records as UNC6040 Vishing Campaign Expands
ShinyHunters leaks 3M+ Cisco Salesforce CRM records tied to the UNC6040 vishing/OAuth-abuse campaign, exposing federal procurement data, AWS resource references, and GitHub repo names.
shinyhunters salesforce cisco vishing unc6040 oauth data-breach saas-supply-chain
incident 2026-04-04
European Commission Confirms Cloud Breach — Trivy Supply Chain Attack Cascades Into 30+ EU Entities
The European Commission confirms a data breach affecting 30+ EU entities after the compromised Trivy scanner leaked AWS API keys to TeamPCP. ShinyHunters published 92 GB of stolen data.
supply-chain trivy aws european-commission shinyhunters teampcp cloud data-breach

Shinyhunters

ShinyHunters Hits Instructure Again: 3.65TB, 275M Canvas Users, May 6 Ransom Deadline

The OAuth Pivot: How SaaS-to-SaaS Trust Became the 2026 Supply Chain Attack

Vercel Breach: Context.ai OAuth Pivot Exposes Customer Environment Variables

ShinyHunters Dumps 3M Cisco Salesforce Records as UNC6040 Vishing Campaign Expands

European Commission Confirms Cloud Breach — Trivy Supply Chain Attack Cascades Into 30+ EU Entities