Today, the U.K.'s National Crime Agency announced the arrest of two alleged members of Scattered Spider for their role in a cyber attack on Transport for London last year.

Thalha Jubair, 19, from East London, and Owen Flowers, 18, from Walsall, West Midlands, were arrested at their home addresses on Tuesday (16 September) by the NCA and City of London Police.

https://nationalcrimeagency.gov.uk/news/two-charged-for-tfl-cyber-attack

But now the U.S. has also unsealed a complaint against Jubair, charging him with conspiracies to commit computer fraud, wire fraud, and money laundering, in relation to at least 120 computer network intrusions and extortion involving 47 U.S. entities. The complaint alleges victims paid at least $115,000,000 in ransom payments.

See the DOJ press release for more about the charges against Jubair. If convicted and given the maximum sentence, he'd be facing 95 years in prison. Of course, that won't happen, but...

https://www.justice.gov/opa/pr/united-kingdom-national-charged-connection-multiple-cyber-attacks-including-critical

"The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens.

[...]

In March, one of the threat actors breached Salesloft's GitHub repository, which contained the private source code for the company.

ShinyHunters told BleepingComputer that the threat actors used the TruffleHog security tool to scan the source code for secrets, which resulted in the finding of OAuth tokens for the Salesloft Drift and the Drift Email platforms."

Read more of Lawrence Abrams' great reporting on Bleeping Computer:
https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/

#Salesforce #Salesloft #Oauth #Drift #databreach #ransom #ShinyyHunters #ScatteredSpider #LAPSUS$ #UNC6040 #UNC6395

Via @ianb

“They reached into my house and forced this update on me without users knowing. It’s just really unfortunate.”

https://www.404media.co/developer-unlocks-newly-enshittified-echelon-exercise-bikes-but-cant-legally-release-his-software/

NEW: Avantic Medical Lab hacked; patient data leaked by Everest Group:

https://databreaches.net/2025/07/09/avantic-medical-lab-hacked-patient-data-leaked-by-everest-group/

Running plumbing service calls with #Ransom on the platform I made for him… #dogs #DogsOfMastodon #photography #GermanShepherds #LongCoat #pets

NEW: Kentfield Hospital victim of cyberattack by World Leaks, patient data involved: https://databreaches.net/2025/07/05/kentfield-hospital-victim-of-cyberattack-by-world-leaks-patient-data-involved/

#databreach #HealthSec #PII #PHI #cybersecurity #extortion #ransom
#WorldLeaks

@CppGuy could be worse.

#Sipgate git #DDoS'd for #ransom years ago, which also impacted their #MVNO (#simquadrat) subscribers...

Help, please:

If anyone has a copy of the ransom note sent to PowerSchool in December 2024 or PowerSchool clients in May 2025, please email me a copy or upload it to me on Signal. I want to see not only the body, but the full header and signature.

PowerSchool has not been transparent about the extortion aspects of the incident and has not responded to inquiries.

To reach me on Signal, my number is +1 516-776-7756. Email: breaches@databreaches[.]net

#databreach #extortion #ransom #PowerSchool

@douglevin @funnymonkey @mkeierleber

Now it’s Tiffany: Another LVMH luxury brand hit by hackers:

https://databreaches.net/2025/05/26/now-its-tiffany-another-lvmh-luxury-brand-hit-by-hackers/

#databreach #hack #ransom #LVMH #Dior #Tiffany #cybersecurity #vendor

@campuscodi