Skip to main content

Tag: shinyhunters

76 articles

Business setting with laptop on desk, papers and supplies nearby, and CRM system on screen.

Microsoft Tracks ShinyHunters' Salesforce Data Theft Via OAuth Flaws

Microsoft uncovered a sneaky year-long operation by the ShinyHunters extortion group, who exploited trust in Salesforce's OAuth system to steal sensitive data, using clever vishing tactics to trick employees into granting access to a malicious app. The attackers posed as IT support, convincing victims to authorize a fake Data Loader tool that allowed them to make API calls and search for valuable credentials.

Analyst 207
Empty seats and scattered devices in a large public venue's ticketing area.

Multiple Breaches Expose Millions in June

A massive data breach at Madison Square Garden put over 26 million records at risk after a threat actor group, ShinyHunters, made a ransom demand and released the data when it wasn't met. This alarming incident highlights the growing threat of data breaches and the importance of robust cybersecurity measures.

Analyst 207
College setting with laptop on a desk, hinting at vulnerability.

ShinyHunters Breach Exposes 2.3M Moody Bible Institute Accounts

A massive data breach at Moody Bible Institute has exposed the sensitive information of over 2.3 million people, including names, addresses, phone numbers, and more, after being targeted by the notorious extortion group ShinyHunters. The stolen data, which was leaked on June 23, puts countless individuals at risk of identity theft and cyber attacks.

Analyst 207
Brightly-lit office setting with a large window and subtle tech hint.

ShinyHunters Breach Exposes NAIC's Public Data

The National Association of Insurance Commissioners (NAIC) revealed that a breach exposed its public data after an unauthorized third party exploited a PeopleSoft vulnerability, identified as CVE-2026-35273, tied to the notorious ShinyHunters extortion group. This security issue allowed attackers to gain access to a portion of NAIC's IT systems, compromising sensitive information.

Analyst 207
Crowded sports arena with spectators and staff, subtle tech infrastructure in background.

ShinyHunters Breach Exposes Madison Square Garden Data

A recent cyberattack by ShinyHunters has exposed sensitive data from Madison Square Garden, highlighting a growing concern about cyber risk in the professional sports industry. The breach, which included over 26 million records, is a stark reminder of the importance of robust cybersecurity measures.

Analyst 207
Interior of a Kodak facility with industrial and corporate elements, blurred computer equipment, and a neutral-toned server…

Kodak Breach Exposes 2.2M Records to ShinyHunters Threat Group

Kodak has confirmed a major data breach, with the ShinyHunters threat group claiming to have stolen 2.2 million records, including sensitive customer information. The company is working closely with law enforcement and cybersecurity experts to address the breach.

Analyst 207
Institutional building entrance with subtle tech elements, hinting at digital breach.

Kodak Breach Exposes Sensitive Data After ShinyHunters Hack

Kodak recently suffered a data breach at the hands of hackers known as ShinyHunters, who gained temporary access to sensitive company data. The company has launched a swift investigation with external cybersecurity experts and is working closely with law enforcement to mitigate the impact.

Analyst 207
Government office interior with computer screen displaying abstract database representation.

ShinyHunters Breach Council of Europe in Oracle PeopleSoft Heist

The Council of Europe has fallen victim to a massive data breach, with hackers claiming to have stolen a whopping 297 GB of sensitive information, including HR records, payslips, and medical data, by exploiting a zero-day flaw in Oracle PeopleSoft. The ShinyHunters extortion group is behind the breach, boasting a haul of 429,000 files from the attack.

Analyst 207
Council of Europe headquarters building exterior with subtle security presence.

Council of Europe Probes ShinyHunters Data Breach Claims

The Council of Europe is actively investigating claims by the ShinyHunters extortion group that sensitive internal documents were stolen, and is working to assess the situation. The organization, which represents 46 European member states, has confirmed the probe but declined to provide further comment at this stage.

Analyst 207
School office with computer workstation and papers, blurred cityscape in background.

ShinyHunters Breach Exposes 137,000 Infinite Campus Staff Accounts

A massive data breach at Infinite Campus has exposed the sensitive information of 137,000 staff members, including names, email addresses, phone numbers, and physical addresses, after the ShinyHunters extortion group hacked into the company's Salesforce instance. The stolen data has been published online, putting staff at risk of identity theft and phishing scams.

Analyst 207
University campus scene with students walking near a building, laptop on a bench.

ShinyHunters Exploits Oracle Flaw to Breach Universities

A zero-day flaw in Oracle PeopleSoft PeopleTools, known as CVE-2026-35273, has been exploited by ShinyHunters, potentially infiltrating over 100 organizations, with universities being the hardest hit. This vulnerability allows attackers to execute remote code and take over affected servers, posing a significant threat to higher education institutions.

Analyst 207
University campus scene with administrative building, people walking, and laptop on a table.

ShinyHunters Exploits Oracle PeopleSoft Vulnerability in Education Sector Attacks

ShinyHunters hackers have exploited a critical Oracle PeopleSoft vulnerability, CVE-2026-35273, to launch targeted attacks on US organizations, particularly in the higher education sector. The attacks, which involved data theft and extortion, hit a whopping 68% of US higher education institutions.

Analyst 207
University server room with exposed networking equipment, hinting at a cyber breach.

ShinyHunters Breaches Universities via Oracle PeopleSoft Zero-Day Exploit

Hackers have struck 68% of breached organizations in the higher education sector, with a whopping majority being US universities, by exploiting a critical zero-day vulnerability in Oracle PeopleSoft. This severe flaw, rated 9.8/10, allows for remote code execution with no login or user interaction required.

Analyst 207
Rows of computer servers and database systems in a brightly-lit, empty office or server room.

Oracle Discloses Zero-Day Flaw in PeopleSoft Exploited in Data Theft Attacks

A critical zero-day flaw in Oracle PeopleSoft, known as CVE-2026-35273, has been exploited by hackers to steal sensitive data from over 100 organizations, with a staggering 300 instances affected. Oracle has issued emergency mitigations and is working on a patch to address this highly vulnerable issue.

Analyst 207
University building with modern architecture, slightly ajar door hinting at vulnerability.

ShinyHunters Exploits Oracle PeopleSoft Zero-Day to Breach 100 Orgs

ShinyHunters, a notorious data theft group, claims to have exploited a critical Oracle PeopleSoft zero-day vulnerability, CVE-2026-35273, to breach over 100 organizations, including the University of Nottingham. The group allegedly stole sensitive data, posting some of it on their leak site.

Analyst 207
Blurred university building with subtle digital elements hinting at cyber breach.

ShinyHunters Breach Exposes 454,600 University of Nottingham Records

The University of Nottingham has confirmed a major data breach, with a notorious cybercriminal group gaining access to a massive 454,600 student records, affecting both current students and alumni. The university is working closely with authorities and experts to investigate the incident and mitigate its impact.

Analyst 207
Rows of computer servers and equipment in a brightly-lit server room with a single out-of-focus laptop screen in the…

ShinyHunters Targets Oracle PeopleSoft Servers in Widespread Data Theft Attacks

ShinyHunters, a notorious extortion group, has launched a massive data theft campaign targeting Oracle PeopleSoft servers, compromising over 300 instances across 100+ organizations, with a significant impact on the education sector. The attackers have brazenly claimed responsibility, boasting of their exploits in a chilling conversation with BleepingComputer.

Analyst 207
Dental professional looks concerned while viewing laptop in a brightly-lit healthcare setting.

DentaQuest Breach Exposes 2.6M Accounts

A massive data breach at dental benefits provider DentaQuest has exposed a staggering 2.6 million accounts, after hackers stole over 234 GB of sensitive information and released it following failed negotiations with the company.

Analyst 207
Dental office with scattered papers and blurred computer screen.

DentaQuest Breach Exposes 2.6 Million Accounts

A major data breach at DentaQuest has exposed a staggering 2.6 million accounts, after an extortion group called ShinyHunters claimed to have stolen over 234 GB of sensitive data. The breach was confirmed by DentaQuest on June 2, who assured customers they are actively managing the cybersecurity incident.

Analyst 207
Retail setting with subtle tech hints, blurred customer service area.

ShinyHunters Breaches Charter, Exposes 4.9M Customer Records

A massive data breach at Charter has exposed a whopping 4.9 million customer records, with hackers from the notorious ShinyHunters group proudly adding the telco to their "trophy shelf" and making sensitive info like names, addresses, and phone numbers publicly available. Charter has downplayed the incident, claiming no sensitive data was taken, but the reality is that millions of customers are now at risk.

Analyst 207
Concerned customer surrounded by paperwork and communication equipment.

Charter Communications Breach Exposes 4.9 Million Accounts

A shocking data breach at Charter Communications has left 4.9 million customer accounts vulnerable, with hackers gaining access to sensitive information including names, email addresses, phone numbers, and physical addresses. The breach occurred after a clever voice phishing attack on April 1 allowed cybercriminals to tap into the company's Salesforce database.

Analyst 207
Concerned employees surrounded by scattered papers and a laptop at a desk with a blurred cityscape in the background.

Carnival Cruise Data Breach Exposes 6 Million Customers

A recent data breach at Carnival Cruise, affecting 6 million customers, highlights the vulnerability of traditional security controls to social engineering tactics, where a single compromised employee device can lead to devastating consequences. This incident serves as a stark reminder of the human factor in cybersecurity, where threat actors exploit trust and impersonation to gain access to sensitive information.

Analyst 207
Sensitive documents scattered on a table near a blurred computer screen in a brightly-lit travel agency office.

Carnival Breach Exposes 6M Customer Records to ShinyHunters

A massive data breach at Carnival has exposed a staggering 6 million customer records, thanks to a cyberattack by the notorious hacker collective ShinyHunters. The travel and leisure giant confirmed the theft, which occurred in April, leaving millions of customers' sensitive information at risk.

Analyst 207
Rows of cubicles with employees working on computers surrounded by papers and office supplies near a large window.

Charter Breach Exposes Millions of Customer Records

Millions of customer records have been exposed in a shocking data breach at Charter Communications, with the company swiftly confirming the incident and assuring customers that sensitive personal info remains safe. The breach, reportedly involving 40 million records, has triggered a thorough investigation and cooperation with authorities.

Analyst 207