{"id":283924,"date":"2026-06-30T04:48:00","date_gmt":"2026-06-30T08:48:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/30\/nissan-americas-employee-data-breach-analysis-oracle-peoplesoft-zero-day-cve-2026-35273-exploitation-and-supply-chain-risks-rescana\/"},"modified":"2026-06-30T05:00:08","modified_gmt":"2026-06-30T09:00:08","slug":"nissan-americas-employee-data-breach-analysis-oracle-peoplesoft-zero-day-cve-2026-35273-exploitation-and-supply-chain-risks-rescana","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/30\/nissan-americas-employee-data-breach-analysis-oracle-peoplesoft-zero-day-cve-2026-35273-exploitation-and-supply-chain-risks-rescana\/","title":{"rendered":"Nissan Americas Employee Data Breach Analysis: Oracle PeopleSoft Zero-Day (CVE-2026-35273) Exploitation and Supply Chain Risks \u2013 Rescana"},"content":{"rendered":"

Nissan Americas Employee Data Breach Analysis: Oracle PeopleSoft Zero-Day (CVE-2026-35273) Exploitation and Supply Chain Risks \u2013 Rescana<\/a><\/p>\n

https:\/\/www.rescana.com\/post\/nissan-americas-employee-data-breach-analysis-oracle-peoplesoft-zero-day-cve-2026-35273-exploitation-and-supply-chain-ri<\/a><\/p>\n

Publish Date: 2026-06-30 04:48:00<\/a><\/p>\n

Source Domain: www.rescana.com<\/a><\/p>\n

Executive Summary<\/strong><\/h2>\n

On June 25, 2026, Nissan Americas<\/strong>\u00a0disclosed a data breach affecting current and former employees, linked to exploitation of a zero-day vulnerability in Oracle PeopleSoft<\/strong>\u00a0software. The breach, which occurred between May 27 and June 9, 2026, was facilitated by attackers exploiting CVE-2026-35273, a critical Server-Side Request Forgery (SSRF) vulnerability in Oracle PeopleSoft PeopleTools<\/strong>. The incident resulted in unauthorized access to sensitive employee data, including contact information, banking details, Social Security numbers, and tax records. The ShinyHunters<\/strong>\u00a0extortion group claimed responsibility, and technical analysis by Mandiant<\/strong>\u00a0confirmed the use of the zero-day vulnerability. Nissan<\/strong>\u00a0has engaged external cybersecurity experts, secured affected systems, and is working with Oracle<\/strong>\u00a0to investigate and remediate the breach. The company is offering credit and dark web monitoring to affected individuals and has notified regulatory authorities as required. The breach underscores the risks associated with third-party enterprise software and has sector-wide implications for supply chain security and regulatory compliance.<\/p>\n

Technical Information<\/strong><\/h2>\n

The breach at Nissan Americas<\/strong>\u00a0was enabled by exploitation of CVE-2026-35273, a critical SSRF vulnerability in Oracle PeopleSoft PeopleTools<\/strong>. This vulnerability allows unauthenticated remote code execution (RCE) via the Updates Environment Management component, specifically targeting exposed \/PSEMHUB\/* and \/PSIGW\/HttpListeningConnector endpoints. Attackers conducted automated scanning to identify vulnerable endpoints and exploited them to gain initial access.<\/p>\n

Once inside, the attackers deployed MeshCentral<\/strong>, a legitimate open-source remote management tool, to maintain persistent access. The MeshCentral<\/strong>\u00a0agents were disguised as Microsoft Azure<\/strong>\u00a0services to evade detection. No custom malware was identified in public reporting; persistence was achieved primarily through MeshCentral<\/strong>.<\/p>\n

The attack chain mapped to…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Nissan Americas Employee Data Breach Analysis: Oracle PeopleSoft Zero-Day (CVE-2026-35273) Exploitation and Supply Chain Risks…<\/p>\n","protected":false},"author":1,"featured_media":283925,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.rescana.com\/post\/img\/nissan-americas-employee-data-breach-analysis-oracle-peoplesoft-zero-day-cve-2026-35273-exploitation-and-supply-chain-ri-cover.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,24,32,27],"class_list":["post-283924","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-cybersecurity","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/283924"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=283924"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/283924\/revisions"}],"predecessor-version":[{"id":283926,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/283924\/revisions\/283926"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/283925"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=283924"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=283924"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=283924"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}