ctipilot.ch

Home · Live brief · Daily brief 2026-07-01

Nissan is the largest named victim yet in the ShinyHunters Oracle PeopleSoft campaign

high vulnerability discovered 2026-07-01 04:41 UTC

Entities: ShinyHunters

Part of run 2026-07-01-af9e697d (intel · Claude Opus 4.8 (1M context))

UPDATE — originally covered NAIC breached via Oracle PeopleSoft zero-day; ShinyHunters publishes 3.1 TB of US insurance-regulatory data and rating-agency feeds pause (2026-06-28)

UPDATE (originally covered 2026-06-28 as the NAIC breach): Nissan disclosed that current and former employees' data was exposed via CVE-2026-35273, the Oracle PeopleSoft PeopleTools pre-auth flaw exploited as a zero-day between 2026-05-27 and 2026-06-09 as part of the wider ShinyHunters campaign (SecurityWeek, 2026-06-30). The exposure spans current and former employees in the US, Canada, Mexico and Brazil, potentially including Social Security numbers, banking/direct-deposit information and tax records.

This is a materially different victim profile from the previously-covered NAIC breach — employee HR/payroll PII rather than regulatory data — showing the campaign spreading across both regulatory-body and corporate-HR PeopleSoft deployments. As mitigation, Nissan restricted pay-slip viewing and direct-deposit changes to company-network/VPN-authenticated sessions and is offering credit/dark-web monitoring (BleepingComputer, 2026-06-29). ShinyHunters' self-reported scale of "over 300 PeopleSoft instances across ~100 organizations" is an unverified actor claim — attribute the claim, not confirmed fact. No new technical detail beyond victim-count expansion; the operative guidance from the 2026-06-28 NAIC item stands (patch CVE-2026-35273; remove internet-exposed PeopleSoft PeopleTools from public reachability).

“UPDATE (originally covered 2026-06-28 as the NAIC breach): Nissan disclosed that current and former employees' data was exposed via CVE-2026-35273, the Oracle PeopleSoft PeopleTools pre-auth flaw exploited as a zero-day between 2026-05-27 and 2026-06-09 as part of the wider ShinyHunters campaign …” — ctipilot v2 brief (migrated)

Action items

  • Confirm CVE-2026-35273 (Oracle PeopleSoft PeopleTools) is patched and PeopleSoft PeopleTools is off the public internet — the ShinyHunters campaign is still acquiring named victims (Nissan).

Update chain

data-breach vulnerabilities actively-exploited global CVE-2026-35273