Cyber Security News

Hacking Editorial Brief — June 29, 2026

ShinyHunters Exploits Oracle PeopleSoft Flaw in Mass Campaign

The ShinyHunters cybercrime group has exploited CVE-2026-35273, a critical remote code execution vulnerability in Oracle PeopleSoft, to compromise over 100 organizations globally. The campaign primarily targeted higher education institutions, though victims span multiple sectors. Separately, ShinyHunters has been attributed to a breach of a U.S. insurance regulator that resulted in terabytes of data being dumped on the dark web. Google's Mandiant confirmed the attribution and traced the attack's origins to late May. The insurance sector breach underscores the group's continued focus on high-value data repositories across regulated industries.

Active Exploitation and Emerging Threats

CISA warned of active exploitation of CVE-2025-67038, a critical code injection vulnerability in Lantronix EDS5000 Series devices that enables arbitrary command execution with root privileges. Google released emergency security updates for Chrome addressing CVE-2026-11645, a high-severity out-of-bounds memory access flaw in the V8 engine being actively exploited in the wild—one of 74 vulnerabilities patched in the release. On the ransomware front, the Woodgnat initial access broker has deployed a new tool called Backdoor.Mistic RAT against organizations in education, insurance, IT, and professional services. Woodgnat maintains relationships with multiple ransomware families, positioning the RAT as infrastructure for follow-on extortion operations. The Nova ransomware group claimed responsibility for breaching the New South Wales Rural Fire Service in Australia, clarifying earlier reports about the government hack.

Sources: SWK Technologies · Insurance Business · The Hacker News · Security Week · Cyber Daily