VulnHub

Real-time Cybersecurity News

ShinyHunters-branded SaaS data theft attacks ramp up

SCM feed for Latest
Actively Exploited
PhishingExploit

Overview

Recent reports indicate that several threat groups, including UNC6661, UNC6671, and UNC6240, have intensified their cyber attacks under the ShinyHunters name. These attacks primarily target cloud-based software-as-a-service (SaaS) applications, employing tactics such as voice phishing and creating fake websites to steal user credentials. This surge in extortion-themed intrusions poses a significant risk to organizations relying on SaaS platforms, as attackers aim to exploit vulnerabilities for financial gain. Businesses and users need to be vigilant about potential phishing attempts and ensure their security practices are up to date to safeguard sensitive information.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Cloud-based software-as-a-service (SaaS) applications
  • Action Required: Users should verify the legitimacy of communications and avoid sharing sensitive information over untrusted channels.
  • Timeline: Ongoing since last month

Original Article Summary

Threat operations UNC6661, UNC6671, and UNC6240 have escalated extortion-themed cyber intrusions with the ShinyHunters branding that involved voice phishing and fake credential harvesting sites against cloud-based software-as-a-service apps last month, The Hacker News reports.

Impact

Cloud-based software-as-a-service (SaaS) applications

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since last month

Remediation

Users should verify the legitimacy of communications and avoid sharing sensitive information over untrusted channels. Implementing multi-factor authentication (MFA) may also help mitigate risks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Phishing, Exploit.

Read Original Article

Related Coverage

Ransomware surge prompts FCC guidance for stronger telecom security practices

SCM feed for Latest

The Federal Communications Commission (FCC) is urging telecom companies to enhance their cybersecurity practices in response to a rise in ransomware attacks. The FCC emphasizes that implementing basic security measures, such as regularly updating software, using multifactor authentication, and segmenting networks, can greatly reduce the risk of falling victim to these attacks. This guidance comes as ransomware continues to pose a significant threat to the telecommunications sector, which plays a crucial role in national infrastructure. By adopting these recommended practices, telecom providers can better protect sensitive customer data and ensure the reliability of their services. The FCC's advice serves as a timely reminder for the industry to stay vigilant against evolving cyber threats.

Feb 4, 2026

Denmark subjected to sweeping Russian cyberattack threats

SCM feed for Latest

Denmark is facing a significant cyber threat from a pro-Russian hacker group known as the Russian Legion. This group has declared intentions to launch large-scale cyber intrusions in response to Denmark's plans to provide military aid to Ukraine. The threat underscores the ongoing tensions between Russia and countries supporting Ukraine, marking a potential escalation in cyber warfare tactics. As Denmark prepares for these potential attacks, the government and cybersecurity agencies will need to bolster their defenses to protect critical infrastructure and sensitive data. This situation serves as a reminder of the complex relationship between geopolitical events and cybersecurity risks.

Feb 4, 2026

Negotiating with Scattered Lapsu$ Hunters discouraged

SCM feed for Latest

Experts from Unit 221B have issued a warning to organizations targeted by the Scattered Lapsus$ Hunters hacking group. They advise against negotiating with these attackers, as doing so can lead to intensified extortion attempts and victim harassment. Additionally, there is a strong likelihood that the attackers will not fulfill any promises to return stolen data. This situation raises concerns for companies that may be tempted to pay ransoms, as the risks associated with negotiation appear to outweigh any potential benefits. Organizations must be aware of these tactics and consider alternative strategies for addressing such incidents.

Feb 3, 2026

Cantwell claims telecoms blocked release of Salt Typhoon report

CyberScoop

Senator Maria Cantwell from Washington is pushing for hearings to investigate how AT&T and Verizon have responded to recent cyberattacks targeting telecom networks. She claims that these companies have obstructed the release of a report known as Salt Typhoon, which likely contains critical information about the hacks. Cantwell's calls for transparency come amid growing concerns about the security of telecommunication infrastructure, especially as it plays a vital role in national security and everyday communications. The outcome of these hearings could lead to increased accountability for telecom companies in how they protect their networks and respond to breaches.

Feb 3, 2026

What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing

CyberScoop

Nick Andersen, a senior official at the Cybersecurity and Infrastructure Security Agency (CISA), recently outlined plans to enhance the Critical Infrastructure Partnership Advisory Council (CIPAC) and establish an Artificial Intelligence Information Sharing and Analysis Center (AI-ISAC). These initiatives aim to improve collaboration among government agencies and private sector organizations to better protect critical infrastructure. The focus on AI in cybersecurity reflects growing concerns about the potential risks and vulnerabilities associated with emerging technologies. The establishment of the AI-ISAC would facilitate the sharing of information related to AI threats, helping organizations stay ahead of potential cyber attacks. This move is significant as it underscores the need for updated frameworks to address the evolving landscape of cybersecurity challenges.

Feb 3, 2026

Ivanti’s EPMM is under active attack, thanks to two critical zero-days

CyberScoop

Ivanti's Endpoint Manager Mobile (EPMM) is currently facing serious security threats due to two newly discovered zero-day vulnerabilities. Initial limited attacks were reported before Ivanti made its findings public, but since then, numerous threat groups have exploited these weaknesses, leading to a surge in attacks. More than 1,400 instances of EPMM remain exposed, putting organizations at risk of unauthorized access and data breaches. This situation is alarming as it highlights the vulnerabilities in widely used software, prompting urgent action from affected users to protect their systems. Companies using EPMM should prioritize patching and securing their environments to mitigate the risks associated with these vulnerabilities.

Feb 3, 2026