Trinity of Chaos Leaks Data from 39 Companies — Google, Cisco Among Targets

A newly formed ransomware collective calling itself the Trinity of Chaos has published a data leak site (DLS) on the TOR network exposing the stolen records of 39 prominent corporations, including Google Adsense, CISCO, Toyota, FedEx and Disney/Hulu.

The alliance comprises threat actors from Lapsus$, Scattered Spider and ShinyHunters, signaling a shift toward traditional ransomware extortion tactics and raising alarm across multiple industries.

The Trinity of Chaos first emerged by combining the reputations and technical capabilities of three notorious groups.

Although no fresh intrusions have been claimed, the collective released previously unavailable data samples from past breaches, showcasing proof of exfiltrated records.

In one highlighted instance, the group threatened Salesforce following alleged exploitation of its instances via stolen OAuth tokens tied to Salesloft’s Drift AI chat integration.

Salesforce downplayed the claims but acknowledged potential compromises of customer environments. Threat actors claimed to have sought negotiations ...