Google confirmed that ShinyHunters exploited a critical PeopleSoft zero-day, CVE-2026-35273, to steal data from organizations before Oracle had patches available. The campaign primarily targeted higher education institutions, including the University of Nottingham, and involved compromised environments, custom tooling, and subsequent data leaks. #ShinyHunters #UNC6240 #CVE-2026-35273 #PeopleSoft #UniversityofNottingham
Keypoints
- Oracle mitigated CVE-2026-35273, a critical unauthenticated remote code execution flaw in PeopleSoft.
- Google said ShinyHunters used the flaw as a zero-day to steal data from victims.
- The attacks mainly targeted the education sector, especially higher education organizations.
- The University of Nottingham was confirmed as the first known victim.
- Google and Mandiant shared remediation guidance, indicators of compromise, and attack details.