Google has admitted that some of its customer data was stolen after hackers managed to break into one of its Salesforce databases.
The company revealed the incident in a blog post on Tuesday, explaining that the affected database stored contact details and notes about small and medium-sized business clients. The hackers, a group known online as ShinyHunters and officially tracked as UNC6040, were able to access the system briefly before Google’s security team shut them out.
Google stressed that the stolen information was limited to “basic and mostly public” details, such as business names, phone numbers, and email addresses. It did not share how many customers were affected, and a company spokesperson declined to answer further questions, including whether any ransom demand had been made.
ShinyHunters is notorious for breaking into large organizations’ cloud systems. In this case, Google says the group used voice phishing, calling employees and tricking them into granting system access, to target its Salesforce environment. Similar breaches have recently hit other companies using Salesforce, including Cisco, Qantas, and Pandora.
While Google believes the breach’s immediate impact will be minimal, cybersecurity experts warn there may be longer-term risks. Ben McCarthy, a lead security engineer at Immersive, pointed out that even simple personal details, once in criminal hands, can be exploited for scams and phishing attacks. Unlike passwords, details such as names, dates of birth, and email addresses cannot be changed.
Google says it detected and stopped the intrusion before all data could be removed. In fact, the hackers only managed to take a small portion of the targeted database. Earlier this year, without naming itself as the victim, Google had warned of a similar case where a threat actor retrieved only about 10% of data before being cut off.
Reports suggest the attackers may now be preparing to publish the stolen information on a data leak site, a tactic often used to pressure companies into paying ransoms. ShinyHunters has been linked to other criminal networks, including The Com, a group known for hacking, extortion, and sometimes even violent threats.
Adding to the uncertainty, the hackers themselves have hinted they might leak the data outright instead of trying to negotiate with Google. If that happens, affected business contacts could face targeted phishing campaigns or other cyber threats.
For now, Google maintains that its investigation is ongoing and says it is working to ensure no further data is at risk. Customers are advised to stay alert for suspicious calls, emails, or messages claiming to be from Google or related business partners.
Discount retail chain Dollar Tree has denied being the target of a recent cyberattack, following claims by a ransomware group that it stole sensitive company files. According to Dollar Tree, the data allegedly leaked online does not belong to them but appears to be from a completely different company.
The hacking group, which calls itself “INC Ransom,” listed Dollar Tree on its dark web site, stating it had stolen over one terabyte of confidential information, including personal documents such as scanned passports. The group even shared a sample of the files and quoted an old Dollar Tree press release to suggest it had access to internal information.
However, Dollar Tree has firmly denied being hacked. Company officials say the data actually comes from 99 Cents Only, a separate discount chain that went out of business earlier this year.
What really happened?
99 Cents Only, once a popular budget retailer, filed for bankruptcy in April 2024. Rising costs, pandemic aftereffects, and increasing theft were cited among the reasons for its financial collapse. By mid-2024, all 371 of its stores were shut down and assets liquidated.
Dollar Tree later acquired rights to 170 of these store locations, along with their U.S. and Canadian web domains and some store equipment. But according to Dollar Tree, they never purchased the company's internal data, networks, or systems.
A Dollar Tree spokesperson clarified the situation:
"The files mentioned in these cyberattack claims appear to be linked to former employees of 99 Cents Only. Dollar Tree only acquired certain real estate leases and select assets, not their data or technology infrastructure. Any suggestion that we were breached is simply not true."
Because 99 Cents Only is no longer operational, its customer support lines and emails are inactive, making it difficult to get an official response from the company itself.
Is Dollar Tree affected?
Dollar Tree says there’s no indication its own systems were accessed or compromised. The company remains one of the largest and most profitable players in the U.S. discount retail sector, reporting over $17 billion in sales last year.
While the ransomware group has not clarified the confusion, cybersecurity experts suggest the mix-up may stem from Dollar Tree’s acquisition of 99 Cents Only store leases, which may have led attackers or observers to wrongly associate the two companies.
This incident is a testament to how misleading information can spread quickly, especially when legacy data from bankrupt companies becomes part of a broader breach.
Dollar Tree is continuing to monitor the situation but insists there is no current threat to its systems or customer data.
In an unsettling development in the ongoing cyber conflict linked to the Russia-Ukraine war, Ukrainian-aligned hacking groups have claimed responsibility for a large-scale cyberattack targeting a major Russian drone manufacturing company.
The targeted firm, identified as Gaskar Group, is believed to play a key role in supplying unmanned aerial vehicles (UAVs) to Russian forces. Two pro-Ukrainian hacker collectives, the BO Team and the Ukrainian Cyber Alliance, reportedly carried out the operation in collaboration with Ukraine’s military intelligence service.
The BO Team, a group known for supporting Ukraine through cyber operations, shared news of the breach on a Telegram channel on July 14. According to their statement, the team successfully gained full access to the internal network, servers, and data systems of the drone company. This breach reportedly allowed them to obtain sensitive technical details about existing and upcoming UAV models.
Following the infiltration, the hackers claimed they deleted a massive volume of data, approximately 47 terabytes, which included 10 terabytes of backup files. They also say they disabled the company’s operational and support systems, potentially disrupting production and delaying the deployment of drones to the battlefield.
Ukrainian media sources have reported that Ukraine’s military intelligence has acknowledged the incident. In addition, some of the stolen data has allegedly been made public by the Ukrainian Cyber Alliance. These developments suggest that the cyberattack may have had a tangible impact on Russia’s drone supply chain.
While drone warfare has existed for years, the ongoing conflict has brought about a new level of reliance on smaller, low-cost drones for surveillance, attacks, and tactical missions. Both Ukraine and Russia have used these devices extensively on the frontlines, with drones proving to be a powerful asset in modern combat.
A March 2024 investigation by Reuters highlighted how drone use in Ukraine has grown to an unprecedented scale. First-person view (FPV) drones, often modified from commercial models, have become especially important due to their low cost and versatility in hostile zones, where traditional aircraft are often vulnerable to air defense systems.
In June, drones were central to a Ukrainian strike known as "Operation Spiderweb," which reportedly resulted in major damage to Russian air assets.
In response to the latest incident, Gaskar Group has denied that the cyberattack caused serious damage. However, if the claims made by the hacking groups are proven true, the breach could significantly affect Russia’s ability to supply drones in the short term.
As cyber warfare continues to play a larger role in the ongoing conflict, incidents like these reflect how digital attacks are becoming just as critical as physical operations in today’s battles.
A 25-year-old British citizen has been formally charged in the United States for allegedly leading an international hacking operation that caused millions in damages to individuals, companies, and public institutions.
Authorities in the US claim the man, identified as Kai West, was the person behind an online identity known as "IntelBroker." Between 2022 and 2025, West is accused of breaking into systems of more than 40 organizations and trying to sell sensitive data on underground online forums.
According to court documents, the financial impact of the operation is estimated to be around £18 million. If convicted of the most serious offense—wire fraud—West could face up to 20 years in prison.
Prosecutors believe that West worked with a group of 32 other hackers and also used the online alias “Kyle Northern.” While officials didn’t name the specific forum used, various sources suggest that the activity took place on BreachForums, a site often linked to the trade of stolen data.
Investigators say West posted nearly 160 threads offering stolen data for sale, often in exchange for money, digital credits, or even for free. His alleged victims include a healthcare provider, a telecom company, and an internet service provider—all based in the US. While official names were not disclosed in court, separate reports connect the IntelBroker identity to past breaches involving major companies and even government bodies.
One particularly concerning incident tied to the IntelBroker persona occurred in 2023, when a data leak reportedly exposed health and personal information of US lawmakers and their families. This included details such as social security numbers and home addresses.
Officials say they were able to trace West’s identity after an undercover operation led them to one of his cryptocurrency transactions. A $250 Bitcoin payment for stolen data allegedly helped link him to email addresses used in the operation.
West was arrested in France in February and remains in custody there. The United States is now seeking his extradition so he can stand trial.
The US Department of Justice has called this a “global cybercrime operation” and emphasized the scale of damage caused. FBI officials described West’s alleged activity as part of a long-running scheme aimed at profiting from illegally obtained data.
French authorities have also detained four other individuals in their twenties believed to be connected to the same forum, although no further details have been made public.
As of now, there has been no official response from West or comment from a legal representative.
A new type of harmful computer program, known as ‘PathWiper,’ has recently been found during a cyberattack on an important organization in Ukraine. Security researchers from Cisco Talos reported this incident but did not reveal the name of the affected organization.
Experts believe the attackers are linked to a Russian hacking group that has been known to target Ukraine in the past. This discovery adds to the growing concerns about threats to Ukraine’s key systems and services.
How the Cyberattack Happened
According to the researchers, the hackers used a common tool that companies normally use to manage devices in their networks. The attackers seem to have learned exactly how this tool works within the victim’s system and took advantage of it to spread the malware across different computers.
Because the attack was carried out using this familiar software, it likely appeared as normal activity to the system’s security checks. This made the hackers’ movements harder to notice.
What Makes PathWiper Different
Malware that destroys files, known as “wiper” malware, has been used in Ukraine before. However, PathWiper works in a more advanced way than some of the older malware seen in past attacks.
In earlier cases, malware like HermeticWiper simply searched through storage drives in a straight list, going one by one. PathWiper, however, carefully scans all connected storage devices, including those that are currently not active. It also checks each device’s labels and records to make sure it is targeting the right ones.
In addition, PathWiper can find and attack shared drives connected over a network. It does this by looking into the system’s registry, an area where Windows computers store important system details, to locate specific paths to these network drives.
Why This Is Serious
The way PathWiper is built shows that cyber attackers are continuing to create more advanced and more damaging tools. This malware’s ability to carefully search and destroy files across many connected devices makes it especially dangerous to organizations that provide essential services.
Even though the war between Russia and Ukraine has been going on for a long time, cyber threats like this are still growing and becoming more complex. Security experts are warning companies in Ukraine to be extra careful and make sure their protective systems are up to date.
Staying Careful and Updated
It is very important to keep track of new information about this malware. Companies often fix security problems quickly, and attackers may also change their methods. Writers and researchers covering such topics must carefully check for updates and confirm facts using reliable sources to avoid sharing old or incorrect details.
Cisco Talos is continuing to watch this situation and advises organizations to stay alert.
A recent cyberattack has put the personal information of millions of South Korean mobile users at risk. SK Telecom, the country’s largest mobile service provider, has confirmed that a major data breach has affected up to 25 million customers. The attack was carried out using malware that could allow criminals to perform SIM swapping — a method where someone takes control of a person's phone number to access their accounts and data.
The company said it is still investigating the situation but assured the public that no misuse of the stolen data has been confirmed so far. Despite this, many customers are worried that the real damage could still happen in the future.
In response to the breach, a group of victims has come together to demand answers and action. This group, calling itself the “SKT USIM Hacking Joint Response,” says SK Telecom has not been clear about how serious the breach is. They fear that leaked phone numbers and related information could be used to break into other services, such as bank accounts, messaging apps, and social media platforms — all of which often use phone numbers for verification.
To ease concerns, SK Telecom has promised to provide free replacement SIM cards to all affected users. However, the company has run into challenges with supply. So far, it has only secured one million SIM cards and plans to get five million more by the end of May. This is far from enough to cover the 25 million people impacted, so it may take a while before everyone receives their replacement card.
SK Telecom has set up an online system where customers can book appointments to get their new SIM cards. But the company has warned that long wait times should be expected because of the high demand.
This incident has raised serious questions about mobile security and how quickly companies respond to digital threats. As people rely more on their smartphones for banking, shopping, and communication, protecting mobile data has never been more important.
Recently, Pakistan state-sponsored hacker groups made multiple failed attempts to hack Indian websites amid continuous cyber offensives against India after the Pahalgam terror attack. These breach attempts were promptly identified and blocked by the Indian cybersecurity agencies.
In one incident, the hacking groups “Cyber Group HOAX1337” and “National Cyber Crew” attacked the websites of the Army Public School in Jammu (a union territory in India), trying to litter the site with messages mocking the recent victims of the Pahalgam terror attack.
In another cyberattack, hackers defaced the website of healthcare services for ex-servicemen; the sites of Indian Air Force veterans and the Army Institute of Hotel Management were also attacked.
Besides Army-related websites, Pakistan-sponsored hackers have repeatedly tried to break into websites associated with veterans, children, and civilians, officials said.
Additionally, the Maharashtra Cyber Department detected more than 10 lakh cyberattacks on Indian systems by hacking gangs from various countries after the April 22 terror attack on tourists in Pahalgam.
A Maharashtra Cyber senior police official said that the state’s police cybercrime detection wing has noticed a sudden rise in digital attacks after the Kashmir terror strike.
Experts suspect these cyber attacks are part of a deliberate campaign to intensify tensions on digital platforms. These attempts are seen as part of Pakistan’s broader hybrid warfare plan, which has a history of using terrorism and information warfare against India.
Besides Pakistan, cyberattacks have also surfaced from Indonesia, Morocco, and the Middle East. A lot of hacker groups have claimed links to Islamist ideologies, suggesting a coordinated cyber warfare operation, according to the police official.