Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: shinyhunters (42 articles)Clear

CERT-EU confirms TeamPCP breached European Commission via Trivy - 30 EU entities exposed, 340GB leaked

The European Commission cloud hack we first reported on March 29 is far worse than initially disclosed. CERT-EU now confirms TeamPCP used an AWS API key stolen through the Trivy supply chain attack to breach the Commission's Amazon cloud environment on March 10 - five days before anyone noticed. The stolen data includes personal information, usernames, and 52,000 email files across 71 hosted clients: 42 internal Commission departments and at least 29 other EU entities. ShinyHunters published the full 340GB dataset on their leak site.

Check
If your organization interacted with any Europa.eu hosted service, assume your contact data may be in the leaked dataset.
Affected
42 internal European Commission clients and at least 29 other EU entities using the Europa.eu web hosting service. Any organization that exchanged emails with these entities may have data in the leak.
Fix
Monitor for credential exposure from the leaked dataset. If you used Trivy in CI/CD pipelines, rotate all AWS keys and pipeline secrets immediately. Block scan.aquasecurtiy[.]org and 45.148.10.212. Pin Trivy to v0.69.3, trivy-action to v0.35.0, setup-trivy to v0.2.6.

Hims & Hers discloses breach after ShinyHunters steal millions of Zendesk support tickets via Okta SSO

Telehealth giant Hims & Hers - nearly $1 billion in annual revenue, millions of subscribers - disclosed that hackers stole customer support tickets from its Zendesk instance between February 4-7. The ShinyHunters extortion gang conducted the breach by compromising Okta SSO credentials through social engineering, then pivoting into the Zendesk platform. Stolen data includes names, contact information, and details from support requests. No medical records or doctor communications were compromised. The company took two months to disclose.

Check
Review whether your organization uses Zendesk with Okta SSO integration - this same attack pattern has hit multiple companies recently.
Affected
Any organization using Zendesk integrated with Okta SSO for authentication. Hims & Hers, ManoMano, and Crunchyroll were all breached through this pattern.
Fix
Enforce phishing-resistant MFA (FIDO2 hardware keys) on all Okta accounts - standard TOTP/push MFA can be bypassed by social engineering. Audit Okta sign-in logs for SSO sessions accessing Zendesk from unusual locations. Review third-party SaaS integrations connected through your identity provider.