The Vulnerability
Hackers found a serious zero-day vulnerability in Oracle’s software, which is being listed as CVE-2026-35273, sparking entire waves of attacks. Security researchers have also linked UNC6240 to infrastructure and tactics believed to overlap with actors associated with the ShinyHunters extortion ecosystem. In essence, the threat actors looked for vulnerable PeopleSoft Environment Management Hubs online and utilized automated scripts to get access without a password. They then covertly began stealing volumes of crucial company data by inserting remote access tools into the networks and passing them off as legitimate cloud services.
Who is Affected
In a data breach notification filed with state regulators, including the California Attorney General’s Office, automotive giant Nissan Americas officially confirmed that it fell victim to this specific exploitation campaign because its localized human resources systems had been systematically breached. According to Nissan’s formal disclosure letters, the company was alerted by Oracle that malicious actors were compromising PeopleSoft instances at hundreds of companies globally. The primary source filings detail that the resulting data exposure compromised a vast array of sensitive corporate records across its operations in the United States, Canada, Mexico, and Brazil, specifically exfiltrating employee names, banking details, financial and tax files, and national identification markers such as Social Security and Social Insurance numbers.
Author Notes
Oracle Security Alert Advisory – CVE-2026-35273, published June 10, 2026.
Nissan Americas Data Breach Notification Letters, submitted to the State of California Department of Justice, Office of the Attorney General, June 2026.
About the Author
Carmen Estela is a Cybersecurity Research Analyst at Cyber Defense Magazine and a Women in Cybersecurity Award Candidate. She recently graduated with a Master’s of Science degree from the University of Central Florida and holds a Bachelor’s degree in Criminology from the University of Florida with certifications in Data Analytics and AI Fundamentals. She frequently speaks and volunteers at well-known industry gatherings, such as BSides Orlando and BSides Jax, where she offers her perspectives on emerging cyber trends. Carmen is committed to advancing the standards of governance, risk, and compliance within cybersecurity. She has also served as an adult protective investigator, police dispatcher, and legal intern, applying investigative skills across law enforcement, academic, and public service settings.
Reach her online at [email protected].

