EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Signal

Oracle PeopleSoft zero-day exploited by ShinyHunters in university-targeted extortion campaign

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-06-12 06:44 UTCUpdated 2026-06-12 16:12 UTC
rss
cveexploitsbreachesthreat_actorssecurity_advisoryincident_response
Trend in the last 24h
Current brief openSource links open
This current signal is open on the public brief with summary, metadata, source links, and full evidence. Pro adds compare-over-time, alerts, exports, and workflow.
BackEvidence (6)Get the free brief by emailStart free trial
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.
4 top sources shown
Oracle fixes PeopleSoft flaw exploited by ShinyHunters
ComputerWeekly IT Security · computerweekly.com · 2026-06-12 12:22 UTC
View all evidence
Overview

A critical zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62 has been actively exploited by the ShinyHunters cybercriminal group since at least May 27, 2026.

Entities
OracleGoogleMandiantUniversity of NottinghamPeopleSoft Enterprise PeopleTools
Score total
1.66
Momentum 24h
6
Posts
6
Origins
6
Source types
1
Duplicate ratio
0%
Why now
  • Active exploitation began weeks before Oracle's public advisory and patch release.
  • Over 100 organizations, mostly universities, were potentially exposed and targeted.
  • Stolen data has already been leaked publicly, increasing urgency for affected entities to respond.
Why it matters
  • Highlights the risk of unpatched critical vulnerabilities in widely used enterprise software.
  • Demonstrates the threat posed by financially motivated cybercriminal groups targeting education sector.
  • Underlines the importance of rapid vulnerability disclosure and patching to prevent data breaches and extortion.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
  • ShinyHunters exploited a zero-day vulnerability in Oracle PeopleSoft to conduct extortion campaigns targeting universities.
  • Oracle released an out-of-band patch and advisory for CVE-2026-35273 on June 10, 2026, after active exploitation was detected.
  • Google Threat Intelligence Group confirmed exploitation of the Oracle PeopleSoft zero-day and notified over 100 potentially affected organizations, mostly in higher education.
How sources frame it
  • CSO Online: neutral
  • Rapid7: neutral
  • SecurityWeek: neutral
All evidence
All evidence
CSO Online - Oracle PeopleSoft zero-day fuels ShinyHunters extortion spree
csoonline.com · csoonline.com · 2026-06-12 09:05 UTC
Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)
Rapid7 Blog · rapid7.com · 2026-06-12 13:43 UTC
Oracle fixes PeopleSoft flaw exploited by ShinyHunters
ComputerWeekly IT Security · computerweekly.com · 2026-06-12 12:22 UTC
NCSC-2026-0195 [1.00] [M/H] Kwetsbaarheid verholpen in Oracle PeopleSoft Enterprise PeopleTools
NCSC NL Security Advisories · advisories.ncsc.nl · 2026-06-12 07:25 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 5Origin domains: 5Duplicates: -
Showing 5 / 0
Top publishers (this list)
  • csoonline.com (1)
  • CyberScoop (1)
  • Rapid7 Blog (1)
  • ComputerWeekly IT Security (1)
  • NCSC NL Security Advisories (1)
Top origin domains (this list)
  • csoonline.com (1)
  • cyberscoop.com (1)
  • rapid7.com (1)
  • computerweekly.com (1)
  • advisories.ncsc.nl (1)