Red Hat leak escalates: ShinyHunters demands money after GitLab breach – Techzine Global

The cyberattack on software company Red Hat has taken a new turn, with the hacker group ShinyHunters now joining the extortion attempt. The criminals published examples of stolen customer data on their own data breach platform. This seems to escalate the incident further.
The attack was initially claimed by a group known as the Crimson Collective. They claimed to have stolen nearly 570 gigabytes of internal data from some 28,000 development repositories. According to the attackers, the loot also includes hundreds of so-called Customer Engagement Reports (CERs), which contain confidential information about customers’ infrastructure and systems. When Red Hat did not respond to their extortion attempt, the criminals sought cooperation with other groups.
Reports from BleepingComputer indicate that Crimson Collective and Scattered Lapsus$ Hunters are collaborating and utilizing the ShinyHunters data leak site to exert pressure on Red Hat. In messages on Telegram, the hackers described their collaboration as a new alliance aimed at disrupting large companies.
Red Hat is now listed on the ShinyHunters website. The listing warns that the stolen data will be published on October 10 if the company does not enter into negotiations. According to the hackers, the sample files released include reports from Walmart, HSBC, the Bank of Canada, Atos Group, American Express, the US Department of Defense, and French telecom company SFR. Red Hat has confirmed to BleepingComputer that the attack is related to a GitLab environment used exclusively by the consulting division, but the company has not yet publicly responded to the new extortion threat.
Red Hat has since shared an update on the incident, as reported by Techzine. According to the company, immediate action was taken upon discovery of the breach. This resulted in the attacker losing access. The affected GitLab instance was isolated and the authorities were notified. The investigation into the circumstances is still ongoing.
GitLab emphasizes that there was no breach of its infrastructure. The incident only affects Red Hat’s self-managed version of GitLab Community Edition. Customers running this free version are responsible for security, updates, and access management.
ShinyHunters’ involvement fits into a broader pattern of what security researchers describe as “extortion-as-a-service.” In this model, a group offers its infrastructure and reputation to other criminals in exchange for a share of the proceeds, much like ransomware groups do. ShinyHunters claims to receive about a quarter of the ransom, with the rest going to the hackers who carry out the attacks.
In addition to Red Hat, financial services provider SP Global has also been named as a victim on the ShinyHunters platform. The company has not commented on the allegations, but emphasizes that as a publicly traded company, it is required to disclose significant cyber incidents.
GitLab / red hat / ShinyHunters
"*" indicates required fields
Broadcom has patched the CVE-2025-41244 vulnerability. A good thing i…
AMD has sold 6 gigawatts and $90 billion worth of AI capacity to Open…
We’re at the tipping point, says UiPath CEO Daniel Dines. It’s th…
Red Hat is investigating a security incident involving a self-managed…
Oracle has patched a critical vulnerability in E-Business Suite that was actively exploited in data theft att…
A cyber gang that previously announced it was disbanding has reemerged with a massive extortion threat target…
In practice, hacking people often proves easier than directly attacking systems. The vast majority of cyberat…
During Oktane25, Okta is focusing on agentic AI. Agent identities are becoming “first-class citizens” within …
Key points: A ransomware attack targeting the ARINC vMUSE syste…
Dutch enterprises are combining open-source foundations with enterpri…
An archive PST file in Outlook is a file in which older emails and ot…
In the never-ending quest for developer productivity gains, a new def…
How do you ensure your company data is both secure and quickly recove…
“A Buyer’s Guide to Enterprise Linux” comprehensively analyzes the mo…
The Data Protection Guide 2025 explores the essential strategies and…
The white paper “DNS Best Practices” by Infoblox presents essential g…
Techzine focusses on IT professionals and business decision makers by publishing the latest IT news and background stories. The goal is to help IT professionals get acquainted with new innovative products and services, but also to offer in-depth information to help them understand products and services better.
© 2025 Dolphin Publications B.V.
All rights reserved.

source
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.