A zero-day flaw in Oracle PeopleSoft was exploited by the ShinyHunters extortion crew to breach the Council of Europe, resulting in the theft of over 297 GB of data, including sensitive HR and payroll records, as well as employee personal and financial information1. The attackers claim to have hacked more than 100 organizations using this vulnerability, highlighting the severity of the issue. The stolen data includes payslips, purchase orders, CVs, and medical records, putting the affected individuals at risk of identity theft and other malicious activities. The Council of Europe has confirmed that it is investigating the matter, but has not provided further details. The use of a zero-day exploit means that defenders were caught off guard, as patches for the vulnerability did not exist at the time of the attack. This incident matters to security practitioners because it demonstrates the significant risk posed by zero-day vulnerabilities, which can be exploited before patches are available, leaving defenders with limited options to respond.