Crims found the soft spot in the company's security. MyPillow, the US-based bedding brand founded by election conspiracy theorist Mike Lindell, has been listed by Play ransomware extortionists as an alleged victim. The pillow shop first appeared on Play’s name-and-shame data leak site on Monday, with the gang threatening to leak stolen data by Friday if MyPillow execs don’t pay the ransom demand. While the extortionists didn’t specify how many gigabytes of data they allegedly stole from MyPillow, they claim it includes “private and personal confidential data, client documents, budget, payroll, IDs, taxes, finance information” and more, according to the dark-web post seen by The Register and shared on social media by threat-intel firm FalconFeeds. MyPillow did not immediately respond to The Register’s inquiries. We will update this story if we receive any response. As of May 2025, the FBI said Play ransomware operators had allegedly exploited about 900 organizations, and the crew’s ransomware variant consistently ranks among the top five targeting critical infrastructure. Play previously stole around 65,000 Swiss government files after breaching its IT supplier Xplain in 2023. A year later, the group hacked Microchip Technology. The American semiconductor manufacturer told regulators that the ransomware attack disrupted some of its business operations and cost it $21.4 million in expenses related to the security incident. North Korean government goons have also used Play ransomware in their intrusions. Cisco Talos' incident responders previously told The Register that Play was one of the crews that used so-called "EDR killers" to disable endpoint security products in their ransomware infections. MyPillow is probably best known for its founder and CEO's politics. Lindell is a major proponent of President Trump’s false claims that the 2020 election was stolen, and is now running for Minnesota governor. ®

A solo Russian-speaking threat actor used a jailbroken Google Gemini in a fraud and credential-theft campaign targeting hardcore Trump supporters and conspiracy theorists. Between September 2025 and May 2026, the “low-skilled” scumbag using the handle bandcampro partnered with the LLM to impersonate an American veteran, run a Telegram channel (@americanpatriotus), hack admin credentials, and steal cryptocurrency, according to a threat report from TrendAI. His only "real cost" in the operation was stolen API keys. Bandcampro ultimately reached about 17,000 subscribers, used 73 likely-stolen Gemini API keys, hacked 29 WordPress admin credentials, infiltrated at least one company, and emptied at least one victim’s cryptocurrency wallets, according to TrendAI researchers Philippe Lin, Joseph C Chen, Fyodor Yarochkin, and Vladimir Kropotov. The threat-hunters detailed the campaign in a Thursday report, and said while the Telegram channel dates back five years, bandcampro’s success skyrocketed once he started using AI-generated content last fall. "We have reached an inflection point for cybercrime conspiracies,” Tom Kellermann, TrendAI’s VP of AI security and threat research, told The Register, adding that “bandcampro's conspiracy underscores the sophistication of the Russian cybercriminal community and how weaponized jailbroken LLMs are manipulated to orchestrate a systemic cybercrime campaign.” Kellermann said the attack “highlights LLMs' Achilles heel, which is the tremendous exposure to API attacks." TrendAI researchers discovered the scammer’s infrastructure in May, which exposed the full contents of the individual’s operational environment. He used Google Gemini to generate the Telegram channel text and Venice.ai to power an interactive chatbot designed to simulate a Quantum Financial System (QFS) terminal. Neither Google nor Venice responded to The Register’s requests for comment. The campaign targeted the QAnon and MAGA communities, mimicking the cryptic, anonymous “Q drop” messages at the heart of the QAnon conspiracy, but the researchers say his “use of information operation techniques was more likely for cryptocurrency fraud instead of political motives,” based on the content posted, and the stock remote access trojan (RAT) used alongside other commercial malware. On September 9, 2025, the actor posted a fake "freedom-first, self-custody wallet" called StellarMonster, with a welcome bonus of up to 1,000 XLM (about $380) on the Telegram channel. It was an executable named StellarMonSetup.exe. Malware analysis determined that in reality, StellarMonSetup.exe is a legitimate remote access tool called GoToResolve, which gives the operator a persistent remote desktop session with file access, command execution, and clipboard capture. Plus, any subscribers who used the "import your wallet" function and typed their seed phrase into the fake import screen gave the attacker their wallet keys. “At least one victim's crypto-wallet was fully compromised: password cracked, 12-word mnemonic stolen, and the owner's 40+ wallet addresses harvested across all major chains,” the researchers noted. The attacker also used an AI-powered brute-forcing tool to hack WordPress accounts, we’re told. “The script is built on the premise that people mutate familiar base passwords in predictable ways, and Gemini 2.5 Flash can model the mutations when supplied with static wordlists,” Trend wrote. In total, the AI-assisted WordPress hacking operation cracked 29 WordPress administrator accounts, including those belonging to weapons retailers, legal offices, medical practices, and small commercial sites. During his conversations with Gemini, bandcampro asked questions like: “When the bot accumulates 5,000 active users, how much can we earn from one pump-and-dump cycle?” The criminal also asked how professional crypto call centers scam North American victims and Gemini suggested Medicare and/or Health Canada fraud targeting the elderly. The Russian speaker also automated his content campaign through a pipeline he named "Quantum Patriot," a set of Python scripts that called Gemini to role-play as an American veteran patriot. The pipeline fed a preset list of newsfeeds into the LLM and Gemini rewrote them, prompted to act as an admin of an “American Patriot” channel looking for “hidden angles.” The crypto- and credential-thief also used Gemini to help him hack, set up a command-and-control framework - including a mail-testing tool, a Gmail aggregator, and an anonymous proxy on a VM in the Netherlands - steal and validate credentials, and run the chatbot. “In the anatomy of one busy working day, Gemini deployed servers, helped debug code, automated workflows, wrote a script to rotate API keys, and managed the actor’s Cloudflare tunnels,” the TrendAI researchers wrote. “The actor prompted in Russian, while the LLM reasoned and replied in English. Over one 16-hour session, the actor co-worked with Gemini end-to-end." At one point, after a nine-hour pause from the human partner, which the authors say “was likely a 9-hour sleep,” bandcampro found the bot posting every 20 minutes without a break - but with Russian slang appearing in the English posts. So he opened another session to fix it. “What previously required a team of writers, social media managers, IT workers, and malware programmers can now be automated by a single actor using a VPS, a Telegram bot, and API access to frontier models,” Trend’s team warned. ®

A Shai-Hulud copycat has turned up in yet another npm package just five days after TeamPCP open sourced the worm and announced a supply-chain attack competition on BreachForums. The poisoned package, chalk-tempalte, masquerades as an extension for the popular JavaScript terminal string styling library Chalk. It now contains a clone of Shai-Hulud, which TeamPCP published last week on GitHub after poisoning more than 170 npm packages with the credential-stealing malware as part of the ongoing supply chain attacks targeting open source dev tools. Plus, the same scumbag that uploaded the worm to chalk-tempalte also published three other malicious npm packages - @deadcode09284814/axios-util, axois-utils, and color-style-utils - containing infostealer code, according to Ox security researchers, which detected and reported the malware over the weekend. “The four malwares are inherently different, as the collected data varies between them, including exfiltrated IP addresses, cloud configurations, crypto wallets, environment variables, and even one malware turning the victim’s machine into a DDoS botnet – all from the same npm user,” researcher Moshe Siman Tov Bustan wrote on Sunday. Anyone installing any version of the packages is affected, he added, noting the total number of weekly downloads is 2,678. On Monday, the researchers told The Register that the npm user behind all four new stealer infections ran the supply-chain campaign from a home computer or local server farm. "The use of lhr.life is a clear indicator of a reverse proxy used to expose an internal network to the internet," they wrote in an email, adding that the miscreant(s) seem to be financially motivated as the code targets victims' cryptocurrency wallets and accounts. Plus, the DDoS botnet component "could indicate affiliation with anarchy groups looking to take down infrastructure and services, or intent to sell it as DDoS-as-a-service," they added. If you are running any of the four, immediately uninstall the malicious package and delete any related malicious configuration from IDEs and Claude Code or other coding agents. You should also rotate your keys on any affected machines, and check for GitHub repositories containing the string “A Mini Sha1-Hulud has Appeared,” the application security shop cautions. The Shai-Hulud copycat, like the original worm, steals secrets, credentials, crypto wallets, accounts, and other sensitive data, and sends all of this to a remote command-and-control server: 87e0bbc636999b[.]lhr[.]life. It also uploaded the stolen credentials to a new GitHub repository. The @deadcode09284814/axios-util malware collects and exfiltrates SSH keys, environment variables, and cloud credentials to 80[.]200[.]28[.]28:2222, and the color-style-utils stealer hoovers up IP addresses, IP geo-locations, and crypto wallets and sends them to edcf8b03c84634[.]lhr[.]life. The fourth malicious npm package (axois-utils) calls its payload a “phantom bot.” The code is written in Go, and contains a DDoS botnet that floods websites with HTTP, TCP, UDP and Reset requests. Persistence mechanisms also ensure it remains on the infected machine even after the package has been deleted. All four of these are from the same npm user, and Bustan warns that this influx of infostealers spreading across npm is “just the first phase of an upcoming wave of supply chain attacks coming.”®

Observability outfit Grafana Labs has revealed that an attacker accessed its GitHub repository and stole its codebase. In social media posts the company blamed the situation on an “unauthorized party” who was somehow able to obtain a token that offered access to its GitHub environment. The company thinks it has identified the source of the credential leak, and therefore “invalidated the compromised credentials and implemented additional security measures to further secure our environment against unauthorized access.” But that didn’t stop the attacker from threatening to release the company’s code unless Grafana paid a ransom. Grafana says it won’t pay. “Based on our operational experience and the published stance of the Federal Bureau of Investigation, which notes that ‘paying a ransom doesn't guarantee you or your organization will get any data back’ and only ‘offers an incentive for others to get involved in this type of illegal activity,’ we have determined the appropriate path forward is to not pay the ransom,” the company wrote. It’s not clear if that stance is entirely principled, because plenty of Grafana’s products are already open source. The company’s posts suggest that the attacker accessed code that is not freely available. The Register has sought clarification about just what the attacker accessed, because if they lifted code that’s mostly already open source there’s little reason for Grafana to pay a ransom! Grafana’s decision not to pay may also be easier than it is for other victims of cybercrime because the company says it “determined that no customer data or personal information was accessed during this incident, and we have found no evidence of impact to customer systems or operations.” The company therefore appears confident that whatever code the attackers downloaded won’t make a material different to its business, or harm customers. The same couldn’t be said for educationware giant Canvas, which last week paid extortionists after they claimed to have stolen data describing over 275 million students and faculty. The Register will update this story if we receive additional information from Grafana Labs. ®

FEATURE When Instructure “reached an agreement” with data theft and extortion crew ShinyHunters this week, the education tech giant assured Canvas users after attackers claimed to have stolen data tied to 275 million students, teachers, and staff that their private chats and email addresses would not turn up on a dark-web marketplace, and that they would not be extorted over the incident. “We received digital confirmation of data destruction (shred logs),” Instructure assured the nearly 9,000 affected universities and K-12 schools. “We have been informed that no Instructure customers will be extorted as a result of this incident, publicly or otherwise.” Not a single responder that The Register spoke with believes this is true. “Do I believe they deleted the data? No. They're criminals and scumbags,” Recorded Future threat intelligence analyst Allan Liska, aka the Ransomware Sommelier, told us. “But, this is part of what Max Smeets calls ‘The Ransomware Trust Paradox,’” he added. “Ransomware groups have to, minimally, not post data they claimed to have deleted or no one will pay them in the future, but this is done knowing that the data is likely not deleted.” Halcyon Ransomware Research Center SVP Cynthia Kaiser, who previously spent two decades at the FBI, said she doesn’t think that anyone who studies ransomware groups’ operations believes the gang actually destroyed the stolen files. “‘We destroyed the data’ is a standard line from extortion groups once a payment is made or negotiations conclude, but time after time it has proven untrue,” Kaiser told The Register. “ShinyHunters in particular has a documented history of recycling, reselling, and re-leveraging stolen data across campaigns – data they claimed was contained from earlier intrusions has resurfaced on criminal forums months and years later.” Kaiser also doesn’t think this is the last threat that the schools will face from the Canvas breach. “Halcyon expects targeted phishing waves against staff, students, and parents over the next six to 12 months using leaked names, email addresses, and Canvas chat context to make the lures convincing,” she said. To be clear: Instructure execs never directly said the company paid the ransom, and we don’t know the exact amount of money the criminals demanded from the digital learning biz. We do know, however, that “reached an agreement” is corporate-speak for the victim paid up. Alliance Risk CEO David Vainer estimates the figure sits somewhere between $5 million and $30 million. Meanwhile, this latest extortion attack illustrates the impossible choice facing organizations entrusted with protecting people’s data when digital thieves breach their networks and steal sensitive information. “The FBI says don’t pay,” Doug Thompson, chief education architect at cybersecurity firm Tanium, told The Register. “But the operational reality at 3 a.m. during finals week or enrollment season can push institutions toward a very different calculation. Until that incentive structure changes, education is likely to remain unusually vulnerable to extortion pressure.” To pay, or not to pay? The US federal government, law enforcement agencies, and private-sector threat intelligence analysts all advise victims not to pay a ransom. “Paying ransoms rewards and incentivizes the criminals, funding their search for new victims, and I’ve long advocated before for a ban on ransomware payments,” Emsisoft threat analyst Luke Connolly told us. “But in the absence of regulation applying to all organizations, the stark reality is that Instructure faced a crisis, and they negotiated to try to minimize risk and harm.” No company wants to pay a ransom to its attackers, and most say they won’t – at least in principle – because they don’t want to fund criminal operations and incentivize the crooks. There’s also no guarantee that paying will guarantee the return of their data or prevent additional extortion attempts. CrowdStrike surveyed 1,100 global security leaders last summer, and of the 78 percent who said they experienced a ransomware attack in the past year, 83 percent of those that paid ransoms were attacked again. Plus 93 percent lost data regardless of payment. While data suggests that fewer organizations are paying criminals’ ransom demands - Chainalysis found the percentage of paying victims in 2025 dropped to an all-time low of 28 percent, despite attacks hitting record highs - when faced with extortion or a ransomware infection, the "to pay or not to pay" debate becomes much more complicated. “Most organizations still say publicly that they won't pay, and many genuinely don't, but when the alternative is mass downstream harm to students, parents, and thousands of customer institutions, the calculus shifts,” Kaiser said. “Pay-or-leak groups like ShinyHunters specifically engineer that calculus by creating intense financial and reputational pressure, and when demands go unmet, they escalate to direct harassment of victim companies, employees, and clients.” ShinyHunters did just that. The crew initially compromised Instructure in late April, and after the initial pay-or-leak deadline passed on May 6, ShinyHunters switched tactics to school-by-school extortion. They injected a ransom message into about 330 Canvas school login portals, causing Instructure to take the platform offline for a day - during final exams and Advanced Placement testing for many. Other ransomware scum have gone to horrifying extremes, posting pictures and addresses of preschool children in an effort to get a payday, leaking cancer patients’ nude photos and threatening them with swatting attacks. Mandiant Consulting CTO Charles Carmakal previously told The Register that ransomware infections have morphed into "psychological attacks” with crooks SIM swapping executives’ kids to pressure their parents into paying. Calculating risk In addition to responding to criminals directly harassing their students, patients, customers and employees, victim organizations also have to take into account potential lawsuits if the crooks dump individuals’ personal or health data, and the reputational hit from seeing all of this protected information published online. The decision about what to do in a ransomware attack revolves around risk reduction, Liska said. “Not paying a ransom means an increased risk of data exposure, which in this case could cause serious harm,” he told us. “While there is no good decision in most ransomware negotiations, the idea is to protect as many people as possible and that may mean that paying is the least bad option.” While he didn’t respond to or investigate the Instructure case, “protecting children's data is absolutely a critical factor in these types of decisions, especially when the attacks originate from one of the groups associated with The Com,” Liska added. The Com, a loosely knit group of primarily English speakers who are also involved in several interconnected networks of hackers, SIM swappers, and extortionists such as ShinyHunters and Scattered Lapsus$ Hunters, has been known to blackmail kids and teens into carrying out shootings, stabbings, and other real-life criminal acts. “These groups are known to coerce victims using threats of physical harm, including bricking and swatting," he said. "Not paying may have increased the risk of serious harm to the children whose data was exposed.” A representative of ShinyHunters contacted The Register to "deny any and all association, affiliation, and/or linkage with 'The Com' including 'Scattered Lapsus Hunters'" The rep said "There is no actual concrete evidence to support that we are associated, affiliated, or linked to the aforementioned. These are baseless allegations and industry propaganda surrounding 'The Com.'" The Shiny one admitted that some of their crew's tactics are similar to those the other gangs use but suggested it's lazy to assume a link. "If China or North Korea used vishing to infiltrate organizations networks would they also immediately become associated with “The Com?'" the representative asked. Ed sector 'more likely to pay' Instructure’s intrusion follows several other high-profile attacks against education-sector software providers. In December 2024, PowerSchool suffered a breach, affecting tens of millions of students. The company reportedly paid about $2.85 million in bitcoin in exchange for a video supposedly showing the attackers destroying the data. But about five months later, in May 2025, the ed-tech provider’s school district customers received individual extortion threats from either the same ransomware crew that hit PowerSchool or someone connected to the crooks. Earlier this year, ShinyHunters claimed it stole data from K-12 software provider Infinite Campus as part of a broader wave of Salesforce-related intrusions. “Education keeps emerging as one of the sectors where organizations are still more likely to pay under pressure,” Thompson said. In addition to students’ – especially minors’ – data containing highly sensitive personal details, and therefore presenting an attractive target for attackers, this is also driven in part by market pressure and economics. It’s costly and inconvenient for schools to switch learning management systems, and they are typically locked into multi-year contracts with these software vendors, according to Thompson. “The other issue is concentration,” he said. “A relatively small number of vendors hold data for enormous portions of the education system. PowerSchool, Infinite Campus, Canvas, Blackboard; those four hold records on something close to every American student, and hackers know it. Three of the four have been breached at a multi-million-record scale in the last 18 months.” Thompson said he expects to see additional attacks against major education platforms to follow. “The economics are good. Instructure paid. PowerSchool paid last year. Every other ed-tech vendor's board just had a conversation about what their number would be,” he told us. “The pattern is established.” According to Connolly, the universities and K-12 schools affected by the Canvas hack shouldn’t consider their data safe, regardless of Instructure’s assurances or the crooks' promises to delete it. “There will be future attacks, without a doubt.” ® Correction: The estimate of $5 million to $30 million comes from Alliance Risk CEO David Vainer.