ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html

Publish Date: 2026-06-11 16:29:00

Source Domain: thehackernews.com

Summary
The article describes a cyber-attack campaign in which the ShinyHunters extortion crew exploited CVE-2026-35273, an unpatched zero-day remote code execution flaw in Oracle PeopleSoft. The vulnerability let attackers compromise systems without any user interaction or login credentials, and the campaign primarily targeted universities. The flaw was first flagged between May 27 and June 9, but Oracle only documented the issue on June 10. The exploitation involved taking over server environments and harvesting data from exposed systems. Google’s Mandiant found that the attackers had left their own tooling exposed, which revealed their method: lateral movement and compressing data before exfiltrating it. Oracle advised disabling the affected Oracle service components, while Mandiant emphasized checking for specific intrusion signs such as unexpected files and outbound SMB traffic. Although Oracle released a patch, its availability remained unclear, and the company focused on recommending mitigation measures for now. The breach raised the question of whether this signals ShinyHunters moving into exploiting on-premises ERP systems, given their history of attacking SaaS platforms and education institutions.

Key Points:

  • Exploited Zero-Day Vulnerability: An unpatched remote code execution flaw in Oracle PeopleSoft’s Environment Management Hub leading to data breaches.
  • Impact: Primarily affected universities, with the University of Nottingham being an early confirmed victim, exposing around 455,000 unique email addresses.
  • Mitigation and Recommendations: Oracle issued guidance to disable affected services or restrict external access, and Mandiant warned against reliance on WAF alone and recommended several hunt strategies to identify compromises.
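One way to act on the outbound-SMB hunt Mandiant recommends, as an added example that is not from the article, Oracle or Mandiant: the connection-log format, the PeopleSoft host addresses, the internal ranges and the SMB allow-list below are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample of connection-log lines: "timestamp src:port -> dst:port proto".
# Format, hosts and addresses are assumptions for this example, not data from the article.
SAMPLE_LOG = """\
2026-06-08T02:14:07Z 10.20.1.15:51422 -> 10.20.1.40:443 tcp
2026-06-08T02:15:31Z 10.20.1.15:51430 -> 203.0.113.77:445 tcp
2026-06-08T02:16:02Z 10.20.1.15:51433 -> 10.20.5.9:445 tcp
2026-06-08T02:16:20Z 10.20.1.15:51437 -> 10.20.7.3:445 tcp
2026-06-08T02:16:40Z 10.20.1.15:51440 -> 10.20.1.41:8000 tcp
2026-06-08T02:17:05Z 10.20.1.16:40211 -> 198.51.100.23:445 tcp
"""

# Hosts running the PeopleSoft web/app tier (assumed); they should never initiate SMB.
PEOPLESOFT_HOSTS = {"10.20.1.15", "10.20.1.16"}
# Internal file servers that legitimately receive SMB from those hosts (assumed allow-list).
SMB_ALLOWLIST = {"10.20.5.9"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

@dataclass(frozen=True)
class Finding:
    timestamp: str
    src: str
    dst: str
    reason: str

def _is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def hunt_outbound_smb(log_text: str) -> list[Finding]:
    """Flag tcp/445 connections that a PeopleSoft host initiates to an external
    address or to an internal host that is not on the SMB allow-list."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "->":
            continue  # skip malformed lines instead of aborting the hunt
        ts, src, _, dst, proto = parts
        src_ip, _ = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        if proto != "tcp" or dst_port != "445" or src_ip not in PEOPLESOFT_HOSTS:
            continue
        if not _is_internal(dst_ip):
            findings.append(Finding(ts, src_ip, dst_ip, "SMB to external address"))
        elif dst_ip not in SMB_ALLOWLIST:
            findings.append(Finding(ts, src_ip, dst_ip, "SMB to non-allow-listed internal host"))
    return findings
```

Each finding is a candidate for the follow-up checks the article mentions (unexpected files on the source host), not a confirmed compromise on its own.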