Scattered Lapsus$ Hunters are exploiting Zendesk's ticket system to conduct large-scale spam and phishing campaigns, abusing a convenience feature that sends ticket notifications to email addresses without proper validation or rate limiting. Zendesk administrators should implement aggressive email filtering on Zendesk-originated messages, review and tighten security settings (particularly CAPTCHA requirements and SPF/DKIM verification), and monitor for suspicious ticket creation patterns, as the threat actors are targeting publicly exposed email addresses scraped from GitHub and other sources to bypass spam filters using Zendesk's trusted sender reputation.
Scattered Lapsus$ Hunters stress testing Zendesk weak spots theregister.com
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to know IT Pro
Hackers Abuse Convenience Feature of Zendesk Support Systems for Strange Spam Campaign CPO Magazine
Zendesk spam wave returns, floods users with 'Activate account' emails BleepingComputer
Zendesk tickets hijacked in massive spam campaign TechRadar
A fresh wave of Zendesk spam emails is hitting users across the world TechRadar
Zendesk users targeted by Scattered Lapsus$ Hunters hackers and fake support sites TechRadar
Discord Zendesk Data Breach 2025: Support Ticket System Compromised by Scattered Lapsus$ Hunters Rescana
They're back at it again after last week (https://news.ycombinator.com/item?id=46890418). Comments URL: https://news.ycombinator.com/item?id=46929545 Points: 11 # Comments: 3
Looks like there's another round of Zendesk email spam happening. I've gotten hundreds over the last half-hour. Comments URL: https://news.ycombinator.com/item?id=46890418 Points: 105 # Comments: 54
Scattered Lapsus$ Hunters target Zendesk users with fake domains csoonline.com
Scattered Lapsus$ Hunters prepping Zendesk-aimed intrusions SC Media