  • technadu@infosec.exchange
    Incident Summary:
    Victim: Wynn Resorts
    Threat Actor: ShinyHunters
    Impact: Employee data accessed
    Claim: 800k+ PII records
    Alleged vector: Oracle PeopleSoft environment

    Operational notes:
    • Incident response + external experts engaged
    • Leak site entry removed
    • Credit monitoring deployed

    ShinyHunters TTPs historically include:
    – Vishing against SSO
    – OAuth token abuse
    – Device code phishing targeting Entra / identity ecosystems
    – SaaS data exfiltration

    Identity is the pivot point.

    Source: https://www.bleepingcomputer.com/news/security/wynn-resorts-confirms-employee-data-breach-after-extortion-threat/

    Follow us for tactical threat briefings.
    Share detection or IAM hardening insights below.

    #Infosec #ThreatIntel #IdentitySecurity #SSO #MFA #ShinyHunters #CyberExtortion #DataProtection #IAM #SOC #BlueTeam #SecurityEngineering
  • technadu@infosec.exchange
    Vishing-Based Compromise at Optimizely Highlights Identity Risk

    Attackers gained access via voice phishing, targeting SSO-linked systems and CRM records. No confirmed privilege escalation, but exposure of business contact data reinforces how social engineering bypasses perimeter defenses.

    Activity patterns resemble ShinyHunters campaigns abusing MFA prompts and OAuth 2.0 device authorization flows.

    Common post-access targets include Salesforce, Microsoft 365, Google Workspace, Slack, SAP, Atlassian - wherever SSO tokens provide lateral access.

    Identity is the control plane. Once tokens are compromised, downstream exposure scales quickly.

    Is your organization monitoring abnormal device code authentication and token issuance events?

    Source: https://www.bleepingcomputer.com/news/security/ad-tech-firm-optimizely-confirms-data-breach-after-vishing-attack/

    Engage below.
    Follow @technadu for actionable threat intelligence.

    #Infosec #Vishing #OAuth #IAM #SSO #ZeroTrust #ThreatHunting #SOC #IdentitySecurity #CyberRisk