Hundreds of organizations have been targeted in a new phishing campaign.

The ShinyHunters group has launched a large-scale credential‑theft operation targeting over 100 organizations across sectors including tech, healthcare, finance, and retail. Attackers relied heavily on vishing and advanced phishing kits to bypass MFA on Okta and other SSO platforms. Fake domains mimicking major brands like Atlassian, Canva, Epic Games, and HubSpot were used to trick employees into surrendering credentials. Silent Push linked the attacks to a collaborative threat group known as Scattered LAPSUS$ Hunters, with stolen records already surfacing on leak sites.

Read more:

https://www.securityweek.com/over-100-organizations-targeted-in-shinyhunters-phishing-campaign/