ZCyberNews
中文

#extortion

10 articles

ShinyHunters and BlackFile were the top threat actors in a series of extortion incidents covered by ZCyberNews between April 14 and May 17, 2026. Across ten articles, the education, cryptocurrency, hospitality, and media sectors were most frequently targeted, with impacts reported in North America and globally. Nine of the ten reports were classified as high severity, with one rated medium.

Grafana GitHub Token Breach Lets Attacker Download Full CodebaseHIGH
Industry News

Grafana GitHub Token Breach Lets Attacker Download Full Codebase

An attacker used a compromised GitHub token to download Grafana's entire private codebase. The company says no customer data was accessed and the incident involved an extortion...

3 min read
Instructure Pays ShinyHunters to Halt 3.65TB Canvas Data LeakHIGH
Industry News

Instructure Pays ShinyHunters to Halt 3.65TB Canvas Data Leak

ShinyHunters agreed to delete 3.65TB of stolen Canvas data after Instructure paid an undisclosed ransom. The breach affects thousands of schools and universities worldwide.

3 min readShinyHunters
ShinyHunters Breaches Vimeo, Leaks 119K User RecordsHIGH
Industry News

ShinyHunters Breaches Vimeo, Leaks 119K User Records

ShinyHunters leaked a 106GB archive of Vimeo data after breaching Anodot, exposing emails and names of 119,200 users. No credentials or payment info compromised.

2 min readShinyHunters
Instructure Data Breach: ShinyHunters Claims TheftHIGH
Industry News

Instructure Data Breach: ShinyHunters Claims Theft

ShinyHunters claims to have stolen data from Instructure, the edtech firm behind Canvas LMS. Instructure confirms a breach involving unauthorized access to certain systems and…

2 min readShinyHunters
ADT Confirms Breach as ShinyHunters Leaks Customer DataHIGH
Industry News

ADT Confirms Breach as ShinyHunters Leaks Customer Data

ADT confirmed a data breach after ShinyHunters leaked 30,000+ customer records including names, emails, and account details from a compromised Salesforce instance.

2 min readShinyHunters
BlackFile Extortion Group Targets Retail, Hospitality via VishingHIGH
Threat Intel

BlackFile Extortion Group Targets Retail, Hospitality via Vishing

BlackFile extortion group has hit at least 12 retail and hospitality organizations since Feb 2026, using vishing to steal VPN credentials and exfiltrate data before demanding…

2 min readBlackFile
McGraw Hill Breach: ShinyHunters Leaks 13.5M User RecordsHIGH
Threat Intel

McGraw Hill Breach: ShinyHunters Leaks 13.5M User Records

ShinyHunters published data from 13.5 million McGraw Hill accounts — names, emails, institutional affiliations — stolen from a misconfigured Salesforce instance.

3 min readShinyHunters
McGraw-Hill Data Breach Exposes 13.5 Million Users via SalesforceHIGH
Threat Intel

McGraw-Hill Data Breach Exposes 13.5 Million Users via Salesforce

Education publisher McGraw-Hill confirms a data breach exposing 13.5 million users' personal data, linked to a misconfigured Salesforce environment. Over 100GB of stolen data has been publicly distributed online following an extortion attempt.

3 min read
Kraken Faces Extortion After Insider Breach Exposed Bug Bounty FlawHIGH
Threat Intel

Kraken Faces Extortion After Insider Breach Exposed Bug Bounty Flaw

Kraken's security team discovered an insider breach where a researcher exploited a zero-day flaw to steal $3 million in crypto, then demanded a bug bounty payment.

4 min read
McGraw-Hill Data Breach Linked to Exploited Salesforce MisconfigurationMEDIUM
Threat Intel

McGraw-Hill Data Breach Linked to Exploited Salesforce Misconfiguration

McGraw-Hill breached via a misconfigured Salesforce instance — ShinyHunters claim 13.5M user records exposed. Root cause, scope of access, and what educators and SaaS admins should check now.

3 min read

Stay Updated

Get the latest cybersecurity news delivered to your inbox.