The Security Flaw
A critical zero-day vulnerability in Oracle’s software, identified as CVE-2026-35273, has been exploited by hackers, leading to widespread cyberattacks. Security experts have linked the activity to UNC6240, a threat group associated with the ShinyHunters extortion ecosystem. The attackers targeted vulnerable PeopleSoft Environment Management Hubs online, gaining unauthorized access using automated scripts. They then proceeded to exfiltrate significant amounts of sensitive company data by implanting remote access tools into the networks, masquerading them as legitimate cloud services.
Affected Entities
Nissan Americas, a prominent automotive company, has acknowledged falling victim to this specific exploitation campaign. The breach targeted their localized human resources systems, compromising sensitive information. Oracle alerted Nissan and numerous other companies globally about the ongoing breach of PeopleSoft instances. The data breach at Nissan Americas exposed a range of confidential records, including employee names, financial details, and national identification data, across its operations in the United States, Canada, Mexico, and Brazil.
Insights from the Author
Oracle Security Alert Advisory – CVE-2026-35273 was published on June 10, 2026.
Nissan Americas Data Breach Notification Letters were submitted to the State of California Department of Justice, Office of the Attorney General, in June 2026.
Carmen Estela, a Cybersecurity Research Analyst at Cyber Defense Magazine and a Women in Cybersecurity Award Candidate, holds advanced degrees in Criminology and Cybersecurity. With a strong background in data analytics and AI fundamentals, Carmen actively participates in industry events like BSides Orlando and BSides Jax, sharing insights on emerging cyber trends. Her dedication to enhancing cybersecurity governance, risk, and compliance standards is evident through her diverse professional experiences in investigative roles within law enforcement and public service.
Contact Carmen at [email protected] for further discussions.
