ctipilot.ch

Home · Live brief · Daily brief 2026-06-16

Council of Europe named as a victim of the Oracle PeopleSoft (CVE-2026-35273) campaign

high vulnerability discovered 2026-06-16 05:09 UTC

Entities: ShinyHunters

Part of run 2026-06-16-38d638e1 (intel · Claude Opus 4.8)

UPDATE — originally covered ShinyHunters PeopleSoft campaign — Oracle confirms CVE-2026-35273 and ships an out-of-band patch; Nottingham quantifies 455,000 records (2026-06-12)

UPDATE (originally covered 2026-06-12/2026-06-13): ShinyHunters listed the Council of Europe — the 46-member Strasbourg human-rights body, of which Switzerland is a member — claiming 297 GB across ~429,000 files taken via the Oracle PeopleSoft Environment Management Hub zero-day CVE-2026-35273, and set a 16 June leak deadline (SecurityWeek, 2026-06-15). This is the first European intergovernmental institution named in the 100+-organisation PeopleSoft campaign previously covered as an education-sector wave.

The claimed dataset spans payroll for 10,000+ current and former staff (2011–2026), 14,000+ CVs, and HR records with names, dates of birth, addresses, bank-account, tax/social-security and medical data. The Council of Europe confirmed it "is currently investigating the matter and assessing the situation" and has not confirmed exfiltration (The Register, 2026-06-15; BleepingComputer, 2026-06-15). The vector — unauthenticated HTTP to the /PSEMHUB/hub servlet (T1190) — is unchanged; treat any externally-reachable PeopleSoft Environment Management Hub as compromised pending forensic review and block perimeter access to /PSEMHUB/*. Confidence on the victim claim is MEDIUM pending Council of Europe confirmation (extortion-site claim).

Action items

  • Block perimeter access to /PSEMHUB/* on Oracle PeopleSoft and treat any externally-reachable Environment Management Hub as compromised pending forensic review (CVE-2026-35273).

Update chain

data-breach organized-crime identity europe