Tag: API key compromise

man in gray crew neck t-shirt using laptop computer
Security

ShinyHunters’ Salesforce assault exposed 275M Canvas users — a supply-chain problem, not just an LMS outage

ShinyHunters claims it extracted roughly 3.65 TB of data from Instructure’s systems, affecting about 275 million people across nearly 9,000 institutions. This was not simply a broken Canvas instance: investigators say the attackers used compromised Salesforce credentials and API keys tied to Instructure’s SaaS stack, turning a single vendor compromise into a global extortion campaign. […]

admin 
Programmer coding at a desk with several monitors.
Security

Mercor breach: a LiteLLM supply‑chain compromise that exfiltrated terabytes

Mercor’s recruiting platform was breached after attackers slipped malicious code into a published LiteLLM package, turning a widely reused open‑source proxy into a broad data exfiltration channel. The incident — detected and removed from distribution within hours but still exploited — exposed terabytes of sensitive material and has forced immediate, industry‑wide dependency audits and credential […]

admin