Researchers say ShinyHunters exploited an Oracle PeopleSoft zero-day, CVE-2026-35273, to potentially breach more than 100 organizations, with higher education accounting for most of the exposed victims. Oracle has issued mitigation guidance but no patch yet, while victims such as the University of Nottingham have confirmed student data theft. #ShinyHunters #OraclePeopleSoft #CVE-2026-35273 #UniversityofNottingham
Keypoints
- ShinyHunters is linked to a large attack spree against Oracle PeopleSoft users.
- The campaign exploited CVE-2026-35273 in Oracle PeopleSoft PeopleTools.
- The flaw allowed unauthenticated attackers to execute remote code and take over servers.
- More than 100 organizations were warned about potentially vulnerable endpoints.
- Higher education made up the majority of the potential victims, and some data theft has been confirmed.
Read More: https://cyberscoop.com/oracle-peoplesoft-zero-day-vulnerability-shinyhunters-extortion/