Find notable cyber news and cases, enriched with sources, timelines, and signals.

Madison Square Garden hit by network compromise linked to Cl0p

Incident
First reported
Last updated
Happening score
H score 38
1 unique sources, 1 articles

Summary

Hide ▲

Madison Square Garden confirmed a data breach that exposed names and SSNs, and it has started notifying affected people. The compromise involved a hosted Oracle E-Business Suite instance managed by a third-party vendor. Hackers stole the data in August 2025, and MSG says 11 Maine residents were impacted. The breach is linked to the broader Cl0p Oracle EBS extortion campaign, making the incident a confirmed victim-facing disclosure event.

Related Happenings

US National Association of Insurance Commissioners (NAIC) hit by network compromise

Incident
H score80 First: 29.06.2026 13:00 Last: 29.06.2026 13:00 Sources 1

About this happening: **NAIC** disclosed a **security breach** that exposed **US citizens’ credit rating data** and briefly disrupted operations tied to **Oracle PeopleSoft**. The breach was detected o...

Oracle PeopleSoft broad zero-day exploitation campaign

Exploitation Wave
H score82 First: 29.06.2026 13:00 Last: 29.06.2026 13:00 Sources 1

About this happening: A **broad PeopleSoft zero-day exploitation campaign** exposed **multiple organizations** to compromise after attackers abused a **previously unknown Oracle PeopleSoft vulnerabilit...

ShinyHunters Oracle PeopleSoft data theft from 300 instances

Data Leak
H score46 First: 11.06.2026 22:39 Last: 11.06.2026 22:39 Sources 1

About this happening: The **ShinyHunters** data-leak event against **Oracle PeopleSoft** instances exposed data from **300 instances** across **100+ organizations**, expanding the risk of theft-driven...

Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)

Vulnerability
H score58 First: 11.06.2026 22:39 Last: 11.06.2026 22:39 Sources 1

About this happening: **Oracle PeopleSoft PeopleTools CVE-2026-35273** is a critical **zero-day RCE** affecting **PeopleSoft Enterprise PeopleTools 8.61 and 8.62**. Oracle released **emergency mitigati...

Latest development: 29.06.2026 23:40

Nissan says it suffered a data breach affecting current and former employees after attackers exploited an Oracle PeopleSoft zero-day associated with CVE-2026-35273. Oracle informed Nissan that personnel records of hundreds of companies may have been obtained and that Nissan was specifically targeted, with potentially exposed data including contact details, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary data for employees in the United States, Canada, Mexico, and Brazil.

ShinyHunters Oracle PeopleSoft data theft and extortion campaign

Campaign
H score60 First: 10.06.2026 21:31 Last: 10.06.2026 21:31 Sources 1

About this happening: **ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...

Latest development: 29.06.2026 23:40

Nissan says attackers exploited an Oracle PeopleSoft vulnerability in a ShinyHunters-linked campaign and that the company was specifically targeted, with personal information for current and former employees in the United States, Canada, Mexico, and Brazil potentially exposed. Nissan says the material may include employee contact information, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary information, and the company has activated incident response, engaged external cybersecurity experts, secured affected systems, and is working with Oracle.

Timeline

  1. 02.03.2026 15:53 2 articles · 4mo ago

    MSG confirms Oracle EBS data breach and begins notifications

    Initial Disclosure

    Madison Square Garden confirmed being impacted by a data breach tied to the Cl0p Oracle E-Business Suite (EBS) campaign, said personal information including names and SSNs was compromised, and began notifying affected individuals after a third-party vendor investigation found that data was stolen in August 2025; MSG also told the Maine Attorney General’s Office that 11 Maine residents are impacted.

    Show sources