Threat Intelligence / Actor / ShinyHunters / Bling Libra

ShinyHunters / Bling Libra

Nation: France · 5 tracked threat(s) · Categories: SUPPLY_CHAIN, DATA_BREACH, THREAT_ACTOR

Also known as: ShinyHunters, Shiny Hunters, UNC6040 (overlap), ShinyCorp, Sh1nyHunters, Shiny Corp, ShinyHunters 2.0, UNC6040, UNC6395, UNC6240, UNC6661, UNC6671

Tracked threats

Vercel April 2026 Security Incident — Context.ai OAuth Supply Chain Compromise Exposing Employee Records, Plaintext Environment Variables, and npm/GitHub Tokens — HIGH
Vercel April 2026 Security Incident — Context.ai OAuth Compromise Leads to Google Workspace Takeover and Customer Environment Variable Exposure — HIGH
ShinyHunters Leaks 5.1 Million Panera Bread Customer Records — HIGH
ShinyHunters Evolves TTPs: Vishing and Login Harvesting for SSO/MFA Bypass — HIGH
ShinyHunters-Branded Extortion Campaign Expands with Vishing & SSO Attacks — HIGH

Full actor intelligence — infrastructure, IOCs, detection coverage and operator fingerprints — is available via the Threadlinqs MCP server (Purple tier). View plans →

Threadlinqs Intelligence