惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Exploit Database - CXSecurity.com
V
Vulnerabilities – Threatpost
Google DeepMind News
Google DeepMind News
Attack and Defense Labs
Attack and Defense Labs
Webroot Blog
Webroot Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
TaoSecurity Blog
TaoSecurity Blog
I
Intezer
Application and Cybersecurity Blog
Application and Cybersecurity Blog
N
News | PayPal Newsroom
S
Security Affairs
T
Tor Project blog
P
Proofpoint News Feed
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Security @ Cisco Blogs
H
Heimdal Security Blog
Hacker News: Ask HN
Hacker News: Ask HN
Help Net Security
Help Net Security
U
Unit 42
云风的 BLOG
云风的 BLOG
The Hacker News
The Hacker News
Cisco Talos Blog
Cisco Talos Blog
量子位
F
Full Disclosure
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 叶小钗
有赞技术团队
有赞技术团队
T
Troy Hunt's Blog
P
Privacy & Cybersecurity Law Blog
Forbes - Security
Forbes - Security
人人都是产品经理
人人都是产品经理
L
Lohrmann on Cybersecurity
Apple Machine Learning Research
Apple Machine Learning Research
Microsoft Security Blog
Microsoft Security Blog
博客园 - Franky
腾讯CDC
AI
AI
Last Week in AI
Last Week in AI
Latest news
Latest news
Google Online Security Blog
Google Online Security Blog
N
Netflix TechBlog - Medium
Engineering at Meta
Engineering at Meta
GbyAI
GbyAI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
IT之家
IT之家
Martin Fowler
Martin Fowler
Blog — PlanetScale
Blog — PlanetScale
V2EX - 技术
V2EX - 技术
酷 壳 – CoolShell
酷 壳 – CoolShell

The Register - Security: Research

www.theregister.com Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs PRC-linked spies hid inside medical and military networks for more than a year, snooping through Gmail and stealing data Nobody needs Mythos or 0-days to build a chaos-causing computer worm – free open source models work just fine ChatGPT blindly trusts browser content, turning the page into a payload Russia-linked threat group put ChatGPT to work from lure to payload Kids can bypass some age checks with a drawn-on mustache What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia ORNL builds more sensitive GPS interference detector Researchers find sabotage malware that may predate Stuxnet Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus Anthropic, Google, Microsoft paid AI bug bounties – quietly Security reserchers tricked Apple Intelligence into cursing Don't open that WhatsApp message, Microsoft warns Security boffins harvest bumper crop of API keys from web Lightning-fast exploits mean patch fast, says Cisco Talos AI agents are 'gullible' and easy to turn into your minions Smooth criminals talking their way into cloud environments, Google says Snoops plant info-stealing malware on iPhones, Google warns Cybercrime up 245% since the start of the Iran war Rogue AI agents can work together to hack systems Fake applicants are sending security-killing malware AI agent hacked McKinsey chatbot for read-write access Kaspersky: No signs Coruna iPhone exploit kit made by US Perplexity Comet browser hole was exploitable via cal invite DEF CON hackers 'fed up with government,' Jake Braun says DEF CON hackers 'fed up with government,' Jake Braun says Ransomware payments cratered in 2025 – attacks did not Ransomware payments cratered in 2025 – attacks did not Claude's collaboration tools allowed remote code execution AI takes a swing at online anonymity Fake 'interview' repos lure Next.js devs into running secret-stealing malware Threat intelligence supply chain is full of weak links AI agents abound, unbound by rules or safety disclosures RAT disguised as an RMM costs crims $300 a month Android malware taps Gemini to navigate infected devices Posting AI caricatures on social media is bad for security Payroll pirates conned the help desk, stole employee’s pay Microsoft boffins show LLM safety can be trained away For the price of Netflix, crooks can rent AI crime ops For the price of Netflix, crooks can rent AI crime ops Fast Pair, loose security: Bluetooth accessories open to silent hijack Fast Pair flaw exposes Bluetooth devices to hijacking A simple CodeBuild flaw put every AWS environment at risk A simple CodeBuild flaw put every AWS environment at risk DeadLock ransomware uses smart contracts to evade defenders Python libraries in AI/ML models can be poisoned w metadata OpenAI patches déjà vu prompt injection vuln in ChatGPT Fake Windows BSODs check in at Europe's hotels to con staff into running malware Hotel staff tricked into installing malware by bogus BSODs Your car’s web browser may be on the road to cyber ruin China's Ink Dragon hides out in European government networks Browser 'privacy' extensions have eye on your AI, log all your chats NCSC finds cyber deception tools work, if deployed right 10K Docker images spray live cloud creds across the internet 'Botnets in physical form' are top humanoid robot risk 'Botnets in physical form' are top humanoid robot risk Apache warns of 10.0-rated flaw in Tika metadata toolkit Novel clickjacking attack relies on CSS and SVG 'Exploitation is imminent' of max-severity React bug Swiss government bans SaaS and cloud for sensitive info HashJack attack shows AI browsers can be fooled with '#' New ClickFix attacks use fake Windows Updates to swipe creds Years-old bugs in open source took out major clouds at risk LLM-generated malware improving, but not operational (yet) 3.5B WhatsApp users' info scooped through enumeration flaw 3.5B WhatsApp users' info scooped through enumeration flaw 50k more ASUS routers pwned by evolving Beijing-linked op Overconfidence is the new zero-day as teams stumble through cyber simulations LLM side-channel attack could allow snoops to guess topic Landfall spyware used in 0-day attacks on Samsung phones MIT Sloan shelves paper about AI-driven ransomware Security hole slams Chromium browsers - no fix yet OpenAI Atlas Browser tripped up by malformed URLs Devs of VS Code extensions are leaking secrets en masse Chatbots that butter you up make you worse at conflict Tile trackers leak unencrypted Bluetooth data, say boffins Beijing's RedNovember hacked critical US, global orgs Lazarus RAT code resurfaces in North Korean IT-worker scams Suspected Chinese spies broke into 'numerous' enterprises Deepfaked calls hit 44% of businesses in last year: Gartner Kaspersky: RevengeHotels returns with AI-coded malware Ruh-roh. DDR5 memory vulnerable to new Rowhammer attack HybridPetya ransomware dodges UEFI Secure Boot
Scattered Lapsus$ Hunters stress testing Zendesk weak spots
Carly Page Carly Page · 2025-11-28 · via The Register - Security: Research

Research

Zendesk users targeted as Scattered Lapsus$ Hunters spin up fake support sites

ReliaQuest finds fresh crop of phishing domains and toxic tickets

Scattered Lapsus$ Hunters may be circling Zendesk users for its latest extortion campaign, with new phishing domains and weaponized helpdesk tickets uncovered by ReliaQuest.

Researchers say they found more than 40 typosquatted and impersonation domains – names like "znedesk.com" or "vpn-zendesk.com" – designed to mirror Zendesk's portals over the past six months. Some host fake single sign-on (SSO) pages aimed at harvesting credentials, while others are used to submit fraudulent tickets to helpdesk staff.

All share common registration hallmarks – the same registrar (NiceNic), US or UK contact details, and Cloudflare-masked nameservers – a profile almost identical to that of a previous impersonation campaign targeting Salesforce. That similarity leads security watchers to suspect the same criminal crew is behind both schemes: the "retired" Scattered Lapsus$ Hunters crew.

"These elements are reminiscent of the recent Scattered Lapsus$ Hunters campaign that targeted customer relationship management platform Salesforce in August 2025," ReliaQuest's threat researchers said in a blog post this week.

This is more than phishing noise. According to ReliaQuest, the attackers appear to be chaining support interface impersonation with targeted intrusions, submitting malicious tickets to legitimate Zendesk portals operated by real organizations, potentially dropping remote-access trojans (RATs) directly onto agents' machines. Once inside, they could pivot across corporate networks, quietly looting intellectual property or sensitive data.

These findings add uncomfortable context to the September 2025 Discord breach, which involved Discord's Zendesk-based support system being compromised. At the time, the incident was treated as an isolated data grab – albeit a miserable one, with attackers lifting user names, email addresses, billing details, IP logs, and government-issued IDs.

However, ReliaQuest says this breach was likely the work of Scattered Lapsus$ Hunters, and the new pile of impersonation domains and agent-targeted tickets indicates the group is likely doubling down on support platforms as part of its attack strategy. The gang even bragged on Telegram earlier this month: "Wait for 2026, we are running 3-4 campaigns atm," and warned incident responders to watch their logs through January 2026 because "#ShinyHuntazz is coming to collect your customer databases."

"It's likely that the Zendesk-related infrastructure we've uncovered is part of one of these campaigns," said ReliaQuest. "Scattered Lapsus$ Hunters claimed responsibility for a compromise of the customer success platform Gainsight in November 2025; it's realistically possible that Zendesk is the second of these campaign targets promised on Telegram."

Scattered Lapsus$ Hunters has already made headlines this year with a major campaign against Salesforce. In October, the group launched a dark web leak site claiming data theft from dozens of Salesforce customers. The cybercrime crew claims they stole up to a billion records, and threatened to publish them unless its ransom demands were met.

This fresh wave of attacks reflects a structural shift. Rather than hacking networks directly or exploiting zero-days, modern cybercriminals are weaponizing identity and trust in SaaS tooling.

Scattered Lapsus$ Hunters themselves are a coalition of previously separate outfits: social engineering specialists from Scattered Spider, data theft veterans from ShinyHunters, and the extortion-oriented Lapsus$ – effectively forming a "supergroup" tuned to the contours of 2025 enterprise IT.

That makes their interest in helpdesk infrastructure logical. Zendesk is used by more than 100,000 companies for internal and external support workflows. Compromise that, and you may own the front door to thousands of firms. ®