June 12, 2026 by sig9
Hacker Wars - June 12, 2026
Your daily dose of infosec chaos
Friday’s serving up a buffet of breaches, zero-days, and creative new ways to abuse government infrastructure. From ShinyHunters going after university data to someone gaming Maine’s breach portal with fake disclosures, it’s been a busy 24 hours. Oh, and a Japanese energy company literally lost a hard drive with 10.9 million customer records. Physical security, folks. It still matters.
ShinyHunters Exploits Oracle PeopleSoft Zero-Day to Breach Universities
The ShinyHunters extortion gang has been exploiting an unpatched Oracle PeopleSoft flaw (CVE-2026-35273) to break into enterprise systems and steal data, with universities bearing the brunt of the campaign. Google’s Mandiant tracked the activity to a group they call UNC6240, dating attacks back several months. Oracle has quietly mitigated the issue but hasn’t publicly confirmed in-the-wild exploitation.
What to do: If you run PeopleSoft, check Oracle’s advisory immediately and apply mitigations. Monitor for unusual data exfiltration patterns and review access logs going back to early 2026.
Over 73,000 French Govt Employees Affected in Tchap Messenger Breach
The French government confirmed that its Tchap encrypted messaging platform was breached, exposing accounts of over 73,000 public sector employees. Tchap was designed as a secure alternative to consumer messaging apps for government communications, which makes this breach particularly ironic. The full scope of what was accessed is still being assessed.
What to do: If your organization uses custom or government-grade messaging platforms, audit their security posture and ensure end-to-end encryption is actually end-to-end. Assume metadata is always at risk.
Maine Breach Portal Abused to Publish Fake Data Breach Disclosures
In a creative twist on the misinformation playbook, someone submitted fraudulent data breach notifications to Maine’s official breach disclosure portal. The fake entries were published before verification, forcing multiple companies to publicly deny breaches they never suffered. It’s a new vector: weaponizing legitimate disclosure infrastructure to cause reputational damage.
What to do: Monitor breach disclosure portals relevant to your industry for unauthorized mentions of your organization. Have a communications plan ready for breach denial scenarios, even fake ones.
Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs
Europol announced the takedown of AudiA6, a cryptocurrency laundering service that served as a key financial pipeline for ransomware groups and cybercriminal networks. The service allegedly helped wash hundreds of millions in illicit profits. This is another hit to the cybercrime-as-a-service ecosystem, though we all know another mixer will pop up by lunchtime.
What to do: If you’re tracking threat actor infrastructure, update your IOCs. Organizations paying ransoms should note that crypto tracing capabilities are improving, which is yet another reason not to pay.
Japanese Energy Firm Loses Drive With Data of 10.9 Million Clients
Kyushu Electric Power Co. disclosed that a physical hard drive containing personal data of 10.9 million customers went missing. Not a sophisticated cyberattack, not a zero-day, just a lost drive. In 2026, one of Japan’s largest energy providers managed to misplace a storage device with more records than some countries have people.
What to do: Encrypt everything at rest. If a drive walks out the door, the data should be useless without the key. Also, maybe track your hardware assets better.
Catch you tomorrow. In the meantime, go check your attack surface.
Brought to you by sig9 - sig9.ch | Protecting the unseen, securing the unknown
This bulletin is provided for informational purposes. Contact us for tailored security analysis.