InfoSecBulletin Cybersecurity for mankind
The Trinity of Chaos, a ransomware group linked to Lapsus$, Scattered Spider, and ShinyHunters, has created a Data Leak Site on the TOR network. This site includes data from 39 companies, such as Aeromexico, AirFrance, Google, Cisco, Stellantis, and Qantas Airlines, affected by attacks on weak Salesforce instances and other vulnerabilities.
Trinity of Chaos, a ransomware collective presumably associated with Lapsus$, Scattered Spider, and ShinyHunters. Resecurity’s previous report indicates that the group will continue its activities, now focusing on traditional ransomware.
Phishing Campaign Exploits Legitimate Microsoft Login Flow
ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks
“Panthalassa” builds floating AI data centers powered by ocean waves
Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion
CVE-2026-0257
Palo Alto Warns of GlobalProtect VPN Vuln Actively Exploited
BD Gov.t to set up Tk192.66cr AI hub with support from Koica
Critical Splunk Enterprise Pre-Auth RCE Chain Exposes Databases With Zero Authentication
Anthropic disables Fable 5 and Mythos 5 Access after US order limiting foreign access
Using AI, Researcher Hacks Google and Earns $500,000 Bug Bounty
Chrome 149 fixes 28 flaws, including critical UAF bugs
The Data Leak Site (DLS) lists recent victims like Stellantis, which revealed a data breach affecting North American customers on September 21, 2025. This followed an attack on Jaguar Land Rover that disrupted its retail and production.
Most leaked data samples don’t include passwords but have a lot of PII, suggesting they probably come from compromised Salesforce instances due to vishing attacks and stolen OAuth tokens linked to Salesloft’s Drift AI chat integration. This has led the FBI to issue a flash warning with technical indicators for organizations to check for potential intrusions in their Salesforce systems.
A Resecurity report has revealed a growing global cybercrime campaign led by LAPSUS$, ShinyHunters, and Scattered Spider. Despite claims of their “retirement,” this group continues to hack and extort large companies, with many significant data breaches still undisclosed. The report indicates an increase in private extortion efforts, suggesting the real impact of these hackers may be much larger than known. They also claim to have updated the Data Leak Site (DLS) after October 10, which now features over 1.5 billion records.
Resecurity analysts indicate that new victims and incidents are now surfacing. Ongoing extortion activities and the group’s reputation are pressuring companies to remain silent, revealing the extent of compromised data in the Fortune 100, financial, technology, aviation, retail, and auto sectors.
Cybersecurity experts warn that cybercriminals could use stolen data for harmful purposes, including in AI applications. They can analyze victim information to gain insights and connect data sets, enabling sophisticated social engineering, targeted phishing, and identity theft, particularly against large businesses and government entities.
