ShinyHunters breaches Council of Europe via Oracle PeopleSoft vulnerability

Source:The Register

02 — Who / Subject

ShinyHunters

03 — Where / Locus

Europe

04 — When / Temporality

June 2026

Verified: June 15, 2026

05 — Why / Core Summary

"Cybercrime group ShinyHunters breached the Council of Europe using a zero-day flaw in Oracle PeopleSoft (CVE-2026-35273). The breach resulted in the theft of 297 GB of data, including HR, payroll, and medical records of 429,000 files. The same vulnerability has been used to target over 100 organizations, including the University of Nottingham."

Conflict Analysis

A significant supply-chain style attack targeting a winformationly used enterprise software, impacting multiple high-profile organizations.

Recommended Background Resource

Affiliate / AdAI Curation

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race

Author: Nicole Perlroth

This book provides a deep dive into the global cyberweapons market and the reality of zero-day vulnerabilities, offering essential context on how sophisticated groups like ShinyHunters exploit hidden flaws in enterprise software to compromise major institutions.

Explore Background Book (Amazon)

As an Amazon Associate, COMPAMIR earns from qualifying purchases.

Post