:

NAIC BREACH: SHINYUNTERS STEALS PUBLIC DATA VIA PEOPLESOFT ZERO-DAY

AI DESK1 MIN READ
MON, JUN 29, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

The National Association of Insurance Commissioners confirmed that the ShinyHunters extortion group breached its systems through a zero-day vulnerability in Oracle PeopleSoft. The attackers accessed only publicly available data, outdated logs, and configuration files.

NAIC disclosed the incident after ShinyHunters exploited an unpatched vulnerability in its PeopleSoft server. The group, known for extortion-based attacks, has claimed responsibility for the breach. According to NAIC's assessment, the stolen data consists primarily of information already in the public domain, historical system logs, and server configuration details. No current sensitive records or personal information appears to have been compromised. ShinyHunters has previously targeted major corporations and organizations, typically demanding ransom payments and threatening to publish stolen data. The group's breach of NAIC—a regulatory body representing state insurance commissioners—marks another high-profile target. Oracle has not yet released a patch for the exploited zero-day vulnerability. NAIC has notified relevant authorities and is implementing additional security measures to prevent further unauthorized access.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Artificial intelligence discovered a critical security vulnerability in Linux kernel code that human developers overlooked for over a decade. The bug could allow unauthorized root access to systems.

1H AGOAI Desk

Researchers have demonstrated a new attack called 'Ghostcommit' that hides prompt injections in PNG files to fool AI code reviewers and agents into exposing repository secrets.

3H AGOAI Desk

A 34-year-old Armenian man pleaded guilty to hacking U.S. companies and deploying the Ryuk ransomware. He faces up to 15 years in prison.

5H AGOSecurity Desk

Australia's eSafety watchdog will investigate whether major adult websites are allowing users to bypass age verification requirements using virtual private networks (VPNs). The probe follows new regulations introduced in March requiring age checks on adult content.

7H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.