Cyber Security News

Hacking Editorial Brief — June 16, 2026

ShinyHunters Escalates PeopleSoft Campaign with Council of Europe Breach

Cybercrime group ShinyHunters has breached the Council of Europe's PeopleSoft systems, exfiltrating 429,000 files containing HR and payroll data. The attack is part of a broader campaign targeting PeopleSoft implementations across multiple sectors—ShinyHunters previously compromised Canvas LMS systems at dozens of U.S. colleges last month and has now expanded to higher education financial management and HR platforms. The group's data leak site indicates they've breached over 100 organizations in this campaign, leveraging common vulnerabilities in Oracle's PeopleSoft enterprise software. The Council of Europe breach demonstrates how ShinyHunters is systematically exploiting PeopleSoft deployments across government, education, and enterprise environments, with HR and financial data as primary targets.

Iranian Group Handala Claims California Water Utility Intrusions

Iranian-linked threat actor Handala has claimed responsibility for breaching water utility billing systems in Bakersfield, Visalia, and Chico, California, releasing screenshots of customer billing information as proof. The intrusions continue Handala's documented pattern of targeting U.S. critical infrastructure with hack-and-leak operations. Water utilities represent soft targets within critical infrastructure due to limited cybersecurity budgets and aging IT systems, making them attractive for Iranian actors conducting information operations and demonstrating capability against civilian infrastructure. The timing and public disclosure align with Handala's previous tactics of using infrastructure breaches for psychological impact rather than operational disruption.

AI-Enhanced Threats and Ongoing North Korean Identity Operations

A cryptocurrency token suffered a 50% value collapse following an exploit that security researchers attribute to AI-assisted vulnerability identification, demonstrating how automated code analysis tools are being weaponized to identify and exploit smart contract weaknesses at scale. Meanwhile, North Korean IT workers continue expanding identity theft operations, now targeting Balkan victims in Serbia and Bosnia for stolen credentials used to secure Western freelance positions—a geographic expansion of DPRK's documented revenue-generation operations. Chinese threat actors are deploying pixel-perfect FIFA World Cup 2026 phishing sites with man-in-the-middle infrastructure to harvest payment credentials and bypass two-factor authentication for ticket purchasers.

Sources: The Register · Inside Higher Ed · Bakersfield Now · The Star · CloudSEK