Mandiant

Company

Timeline

  1. Google Confirms Exploitation

    Google Threat Intelligence Group publicly confirms zero‑day exploitation by ShinyHunters and notifies over 100 affected organizations.

  2. Google/Mandiant publish findings

    Google’s threat intelligence blog details the campaign, attribution, and sector impact.

  3. Oracle Releases Out‑of‑Band Advisory

    Oracle publishes mitigations for CVE-2026-35273 and warns customers to apply them immediately, but no full patch is provided.

  4. Oracle issues security advisory

    Oracle publishes a patch and advisory for the PeopleSoft vulnerability, closing the zero-day window.

  5. Campaign window closes

    Last observed exploitation activity before Oracle issues its advisory.

  6. Campaign begins

    ShinyHunters starts active scanning and exploitation of the Oracle PeopleSoft zero-day.

  7. Zero‑Day Exploitation Begins

    According to Google and Mandiant, ShinyHunters starts actively exploiting CVE-2026-35273 to compromise PeopleSoft instances.

  8. Intelligence Warning

    Cybersecurity experts warn of 'gloves off' phase in state-sponsored cyber warfare.

  9. Stryker Breach

    Handala group claims responsibility for disrupting systems at U.S. medical giant Stryker.

  10. Infrastructure Probing

    Reports emerge of hackers targeting industrial facilities in Israel and Saudi Arabia.

  11. Conflict Commencement

    War breaks out, triggering a surge in pro-Iranian cyber activity.

  12. Patch Release

    Dell issues critical security updates to address the RecoverPoint vulnerability.

  13. Public Disclosure

    Mandiant and GTIG reveal the 18-month-long zero-day exploitation campaign.

  14. Attack Campaign Window

    ShinyHunters targets ~300 instances across 100+ organizations, focusing on the education sector, and deploys MeshCentral agents and lateral movement scripts.

  15. Ongoing Espionage

    Attackers maintain persistence and conduct malware campaigns across multiple sectors.

  16. Initial Exploitation

    UNC6201 begins weaponizing CVE-2026-22769 in targeted attacks.

Stories mentioning Mandiant (4)

threat-intel Bearish

68% of Targets in Education: ShinyHunters Exploit Oracle Zero-Day Before Patch

An active extortion campaign by ShinyHunters exploited a zero-day vulnerability in Oracle PeopleSoft, with Google notifying over 100 organizations, 68% of them in higher education. The attackers used customized MeshCentral agents for C2, and the activity took place before Oracle’s June 10 advisory. This highlights the growing threat of zero-day exploitation in widely used enterprise software and the education sector’s vulnerability.

2 sources

geopolitics Very Bearish

Iran-Linked Cyber Offensive Targets U.S. Defense and Critical Infrastructure

Pro-Iranian hacking groups have launched a coordinated cyber offensive against U.S. and Middle Eastern targets, including a significant breach of medical technology firm Stryker. These state-linked actors are shifting focus from financial extortion to data destruction and tactical intelligence gathering to support ongoing kinetic warfare.

2 sources

vulnerability Bearish

Chinese State Hackers Weaponize Dell RecoverPoint Zero-Day Since Mid-2024

A sophisticated Chinese cyberespionage group, tracked as UNC6201, has been exploiting a critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines for nearly two years. The flaw, identified as CVE-2026-22769, allowed attackers to maintain long-term persistence and conduct stealthy malware campaigns against high-value targets.

4 sources