Workday Hit by Cyber Attack Following Collaboration Between Scattered Spider and ShinyHunters
Workday, the U.S.-based company known for providing HR and financial management solutions, has fallen victim to a cyber attack suspected to involve ransomware. The breach is believed to be the result of a collaboration between two notorious hacking groups: ShinyHunters and Scattered Spider. The attack led to a significant data leak, exposing personal information about Workday employees, including names, email addresses, phone numbers, and home addresses. This data is now at risk of being used for further social engineering attacks.
In a report filed with the SEC, Workday explained that the hackers gained access to its network by successfully impersonating HR professionals and tricking an employee into providing sensitive login credentials. Once the hackers had these credentials, they were able to infiltrate the company’s systems.
It’s worth noting that ShinyHunters is the same group responsible for breaching Google’s Active Directory and analytics servers through Salesforce instances earlier this year. Google identified and neutralized the threat in July 2025.
The FBI has issued a warning that the ongoing collaboration between ShinyHunters and Scattered Spider could lead to more cyber attacks targeting large corporations in the near future.
Qilin Ransomware Targets Inotiv Pharmaceutical in Data Breach
Inotiv, a prominent U.S. pharmaceutical company, has reportedly been attacked by the Qilin Ransomware group. The attack, which occurred on August 8, 2025, led to a breach involving sensitive data from employees, customers, and business partners.
According to sources familiar with the incident, Inotiv’s internal servers were compromised by Qilin, which managed to exfiltrate approximately 176GB of data—equating to around 162,000 files. The company’s incident response team was quick to take action, containing the malware and preventing further damage.
Qilin ransomware gang has since claimed responsibility for the attack and has threatened to release a portion of the stolen data as proof of its actions.
In recent weeks, cybercriminals have increasingly targeted telecom networks and healthcare-related businesses. These industries are particularly vulnerable due to the vast amounts of sensitive data they handle, making them prime targets for ransomware groups. The stolen information can cause significant panic and pressure companies to pay up to avoid further exposure.
Orange Belgium targeted by WarLock ransomware
Orange Telecom of Belgium has made it official that a hacking group dubbed WarLock was hit by a ransomware attack leading to data steal from over 850,000 customer accounts. The attack took place in July this year and WarLock ransomware group has taken claim for the incident and admitted that its hackers had access to data such as names, phone numbers, SIM card data, PUK codes and tariff plan info in addition to email addresses.
Security analysts say that this info steal can lead to SIM Swapping incidents in the future.
Join our LinkedIn group Information Security Community!
