ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw
ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw
https://cyberscoop.com/oracle-peoplesoft-zero-day-vulnerability-shinyhunters-extortion/
Publish Date: 2026-06-12 12:12:34
Source Domain: cyberscoop.com
Summary:
Cybercriminals exploited a zero-day vulnerability in Oracle PeopleSoft PeopleTools, potentially compromising the networks of over 100 organizations, mostly within the higher education sector, warns researchers. Mandiant and the Google Threat Intelligence Group identified these attacks and linked them to the notorious cybercrime group ShinyHunters, which disclosed targeting and leaking data from affected institutions like the University of Nottingham. The vulnerability, CVE-2026-35273, allows unauthenticated attackers to execute remote code and take over servers. Oracle disclosed this flaw but has not yet released a patch and did not comment on the attacks. Most of the potential victims reside in the U.S., with almost 70% in higher education. The campaign is ongoing, and new victims could emerge, as more organizations might be exposed beyond the already identified endpoints.
Key Points:
- Cybercriminals exploited a zero-day vulnerability in Oracle PeopleSoft PeopleTools, impacting over 100 organizations.
- The attacks primarily affected the higher education sector, with institutions based mainly in the U.S.
- CVE-2026-35273, which allows unauthenticated attackers to take over servers, remained unpatched by Oracle weeks after the attacks began.
- The cybercrime group ShinyHunters claimed responsibility and has started naming victims and publishing stolen data.
- The attacks continue as of the latest reports, and more victims may be compromised beyond those currently identified.
