ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
The ShinyHunters extortion crew exploited an unpatched zero-day vulnerability in Oracle PeopleSoft (CVE-2026-35273) to breach university enterprise systems, steal data, and demand ransom. Google's Mandiant attributes the activity to a group it tracks as UNC6240, with the campaign occurring between May 27 and June 9. Oracle released its security advisory for the vulnerability on June 10, indicating that the exploit was active before a patch was publicly available. The attackers targeted multiple universities, exfiltrating sensitive information and threatening to release it unless a payment was made. Mandiant's analysis highlighted that the exploitation of this PeopleSoft flaw allowed ShinyHunters to gain initial access to victim networks, enabling further data theft and extortion attempts. The group's focus on educational institutions suggests a strategic targeting of organizations with potentially large volumes of sensitive personal and financial data.
Original source — read the full reporting at the publisher:
Read on The Hacker News