ShinyHunters is a apt_group tracked across 50 threat clusters and 115 intelligence report mentions on ThreatCluster. First observed November 14, 2025; most recent activity July 16, 2026.
A pre-authentication remote code execution (RCE) vulnerability, CVE-2026-35273, was discovered in Oracle PeopleSoft PeopleTools, affecting versions 8.61 and 8.62. The vulnerability allows unauthenticated attackers to…
A critical zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft has been exploited by the ShinyHunters group, leading to breaches of over 100 organizations, primarily in the education sector. The vulnerability…
In 2026, cyberattacks have escalated from data theft to targeting critical infrastructure, affecting government systems, educational platforms, and medical technology companies. The U.S. Department of Government…
A series of critical vulnerabilities have emerged, including CVE-2026-20182, which allows unauthenticated attackers to gain admin access to Cisco Catalyst SD-WAN Controllers. ShinyHunters defaced the Canvas LMS login…
The Personal Information Protection Commission of South Korea has fined three luxury brands under LVMH, including Louis Vuitton and Dior, a total of 36.033 billion won (approximately $24.9 million) due to data breaches…
The Google Threat Intelligence Group (GTIG) reported that a financially motivated cybercriminal group, UNC6783, is targeting business process outsourcing (BPO) companies to infiltrate high-value organizations across…
In January 2026, the Chronus Group executed a significant data breach against the Mexican government, compromising 2.3 terabytes of sensitive data from at least 25 agencies. The breach exposed personal information of up…
Eurail B.V. confirmed a data breach that exposed personal information of approximately 308,777 individuals in the U.S., including names and passport numbers. The breach occurred on December 26, 2025, when unauthorized…
Two threat groups, Cordial Spider and Snarky Spider, affiliated with The Com, are targeting U.S. organizations across various critical infrastructure sectors for rapid data theft and extortion. Their operations,…
On May 19, 2026, Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) operation that provided over 1,000 fraudulent code-signing certificates to cybercriminals, enabling them to disguise malware as…