top of page
ALL POSTS
ShinyHunters Exploits Oracle PeopleSoft Zero-Day to Breach 100+ Universities Worldwide
Key Findings ShinyHunters exploited CVE-2026-35273, a zero-day remote code execution vulnerability in Oracle PeopleSoft Enterprise PeopleTools rated 9.8/10, to breach over 100 organizations between May 27 and June 9 The vulnerability required only network access over HTTP with no authentication or user interaction, affecting any organization with Environment Management Hub endpoints exposed externally Approximately 68 percent of affected organizations were in higher education
Jun 113 min read
University of Nottingham Data Breach: 454,635 Accounts Compromised in ShinyHunters Leak
Key Findings University of Nottingham suffered a significant data breach in June 2026 affecting approximately 454,635 accounts Attack attributed to ShinyHunters group operating a "pay or leak" extortion campaign Over 40GB of sensitive data stolen including student records from UK, China, and Malaysia campuses Exposed data includes email addresses, names, addresses, phone numbers, passport numbers, National Insurance numbers, and financial records Both current students and alu
Jun 112 min read
Luxury and Financial Services - 586,705 breached accounts
Key Findings ShinyHunters group conducted two separate "pay or leak" extortion campaigns against major companies in early 2026 Mytheresa luxury fashion platform: 84,108 breached accounts containing emails, names, phone numbers, addresses, purchase history, and partial credit card data Ameriprise Financial: 502,597 breached accounts with emails, names, phone numbers, addresses, and employer information from Salesforce and SharePoint systems Both companies had ransom demands th
May 272 min read
Abrigo - 711,099 Accounts Breached
Key Findings ShinyHunters group conducted "pay or leak" extortion campaigns against at least two major companies in April 2026 Abrigo suffered a breach exposing 711,099 records from its Salesforce instance, containing business contact information Canada Life experienced a separate incident resulting in 237,810 breached records including customer personal data Both breaches involved similar extortion tactics followed by public data release when demands were not met Combined in
May 142 min read
ShinyHunters Breach Impacts Thousands of Universities Through Canvas LMS Vulnerability
Key Findings ShinyHunters claimed responsibility for breaching Instructure's Canvas LMS and defaced university login portals including canvas.vt.edu on Thursday The group claims to have exfiltrated 3.65TB of data from nearly 9,000 educational institutions affecting approximately 275 million users worldwide Exposed data includes names, email addresses, student ID numbers, and internal Canvas messages, but not passwords, financial records, or government IDs according to Instruc
May 83 min read
ShinyHunters Leaks Data from Major Retailers in Salesforce Security Breach
Key Findings ShinyHunters posted data from Udemy, Zara, and 7-Eleven on dark web leak sites between April 22-27, 2026 Udemy breach contains 2.3 GB including 1.4 million Salesforce records with personally identifiable information 7-Eleven breach involves 12.8 GB with over 600,000 Salesforce records Zara breach claims 192 GB from BigQuery instances, linked to third-party service Anodot All three companies allegedly ignored negotiation attempts before data was released None of t
Apr 282 min read
Vercel Breach Linked to Context AI Hack Exposes Limited Customer Credentials
Key Findings Vercel suffered a breach stemming from the compromise of Context.ai, a third-party AI tool used by an employee Attackers used the compromised account to access internal Vercel systems and non-sensitive environment variables Sensitive environment variables stored in encrypted format show no evidence of unauthorized access A limited subset of customers had credentials compromised and have been notified Threat actor ShinyHunters claimed responsibility and is alleged
Apr 202 min read
ShinyHunters Claims Theft of 3M+ Cisco Records in Latest Breach Threat
Key Findings ShinyHunters has issued a final warning to Cisco with an April 3, 2026 deadline before publicly leaking over 3 million alleged stolen records The group claims access through three separate breach paths: UNC6040, Salesforce Aura, and compromised AWS accounts Stolen data includes personally identifiable information, GitHub repositories, AWS storage buckets, and internal corporate data Screenshots provided by the group show access to AWS organizational dashboards an
Apr 22 min read
bottom of page
