ShinyHunters Breaches Council of Europe via Oracle PeopleSoft Zero-Day, Steals 297 GB

The ShinyHunters extortion group claims to have breached the Council of Europe, the continent's oldest intergovernmental human rights body, stealing more than 297 GB of data. The attackers exploited a zero-day vulnerability in Oracle PeopleSoft, tracked as CVE-2026-35273, to compromise the organization.

The 429,000 pilfered files include HR and payroll records, payslips, purchase-order documents, CVs, and employees’ salary, banking, tax, and medical information. ShinyHunters made the data public on its leak site after the breach, according to a post cited by The Register.

Wider Campaign Hit More Than 100 Organizations

CVE-2026-35273 was used by ShinyHunters to compromise more than 100 organizations across 300 vulnerable instances, the group told The Register. The known victims include the Council of Europe, the University of Nottingham, and ed-tech firm Instructure. A Google threat report published in June 2026 noted exploitation activity consistent with the zero-day between May 27 and June 9, and said its incident responders notified more than 100 global organizations whose IP addresses correlated with potentially vulnerable endpoints.

• 68 percent of affected organizations operate in the higher education sector.
• The majority of vulnerable instances are U.S.-based.
• Instructure reached a ransom agreement with ShinyHunters in May 2026 after data on 275 million students and staff was stolen.
• In March 2026, the group claimed a breach of K-12 software provider Infinite Campus via Salesforce-related intrusions.

Council of Europe Investigating, Oracle Silent

A Council of Europe spokesperson told The Register that the body is “currently investigating the matter and assessing the situation,” but declined further comment. Oracle has not responded to inquiries about whether CVE-2026-35273 has been patched. The vulnerability remains a critical concern for any organization running Oracle PeopleSoft, especially in higher education and intergovernmental sectors.

ShinyHunters continues to target large data repositories. The group’s activity underscores the persistent threat posed by zero-day vulnerabilities in widely used enterprise software. Organizations using Oracle PeopleSoft should immediately review their instances for signs of compromise and apply any available fixes as soon as Oracle releases them.