Anatomy of the Red Hat Intrusion: Crimson Collective and SLSH Extortions

ID: c240fc16-b0d3-5b67-9437-b251512cd38d

STIX ID: report--c240fc16-b0d3-5b67-9437-b251512cd38d

Feed Name: Seqrite Blog

Threat Score: 88/100

Date Published: 2025-10-24

Date Updated: 2026-04-30

Author: Seqrite

The report documents the rise of a hybrid extortion collective (Scattered LAPSUS$ Shiny Hunters) that combines social engineering, shared exploit code, and third‑party compromises to steal and extort data. It highlights in‑the‑wild exploitation of Oracle E-Business Suite (CVE-2025-61882) and potential abuse of a critical Red Hat OpenShift AI flaw (CVE-2025-10725), large-scale data leaks (Discord, Red Hat, multiple corporate victims), distribution of AsyncRAT via malicious lures, and the group’s shift toward offering Extortion‑as‑a‑Service and recruiting insiders for persistent access.