ShinyHunters publicly leaked data from Moody Bible Institute after a "pay or leak" extortion attempt, exposing more than 2.3 million unique email addresses along with names, physical addresses, phone numbers, dates of birth, and other personal details tied to donors, supporters, students, and alumni. Moody said it brought in internal and external cybersecurity specialists to investigate the breach and respond to the disclosure.
The same threat activity has also been linked to attacks on Oracle PeopleSoft deployments, with the National Association of Insurance Commissioners (NAIC) saying attackers exploited a zero-day flaw to gain temporary access to part of its IT environment and steal confidential financial reporting, credit rating agency, and technical data that was later published online. NAIC said the intrusion was part of a broader campaign affecting multiple organizations after ShinyHunters claimed compromises of more than 100 PeopleSoft installations worldwide; the organization said no personally identifiable information or payment account data was involved, remediated affected systems with outside experts, and said the FBI was investigating.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
Push Security reported that attackers were abusing OpenAI organization invitations to lure users into attacker-controlled tenants for long-term harvesting of prompts, uploaded files, and API activity. The report said the invitations used OpenAI's legitimate notification system and could bind a victim account to the malicious tenant with a single click.
In June 2026, Moody Bible Institute was targeted in a ShinyHunters "pay or leak" extortion campaign. The incident led to the public release of more than 2.3 million unique email addresses and additional personal data affecting donors, supporters, students, and alumni.
NAIC disclosed that attackers exploited a zero-day vulnerability in Oracle PeopleSoft to access part of its environment and steal confidential financial data, later publishing the stolen material online. The organization said affected systems were remediated with outside cybersecurity support and that the FBI was investigating.
NAIC said it discovered on June 11 that attackers had gained temporary access to part of its IT environment using compromised PeopleSoft-related access tied to a zero-day Oracle PeopleSoft exploit.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
7 references tracked. Mallory keeps watching after this page renders.
cyberveille.ch
Open sourceteiss.co.uk
Open sourcescworld.com
Open sourcecybersecuritynews.com
Open sourcecybersecuritynews.com
Open sourcehaveibeenpwned.com
Open sourceteiss.co.uk
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.