Signal
ShinyHunters exploit Oracle PeopleSoft zero-day to breach universities and other organizations
Evidence first: scan the strongest sources, then decide whether to go deeper.
Published 2026-06-11 13:56 UTCUpdated 2026-06-12 09:05 UTC
rss
cveexploitsbreachesmalwarethreat_actorsadvisories
Trend in the last 24h
Source links open
Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.4 top sources shown
Overview
Between late May and early June 2026, the ShinyHunters threat group exploited a critical remote code execution vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools Environment Management component.
Entities
OracleGoogleMandiantShinyHuntersAusCERTNCSC NetherlandsCanadian Cyber Security CentrePeopleSoft PeopleTools
Score total
1.95
Momentum 24h
9
Posts
9
Origins
7
Source types
1
Duplicate ratio
0%
Why now
- Exploitation occurred before Oracle's public advisory, highlighting zero-day risks.
- Data theft and extortion campaigns are ongoing, affecting over 100 organizations.
- Security agencies are actively issuing alerts and mitigation guidance to prevent further impact.
Why it matters
- The vulnerability allowed remote code execution leading to full system compromise.
- Higher education sector was disproportionately targeted, risking sensitive academic data.
- Demonstrates the critical need for rapid patching and proactive threat intelligence.
LLM analysis
Topic mix: lowPromo risk: lowSource quality: high
Recurring claims
- ShinyHunters exploited Oracle PeopleSoft zero-day CVE-2026-35273 before public patch release.
- The attacks primarily targeted higher education institutions, resulting in data theft and extortion demands.
- Oracle released patches for PeopleTools versions 8.61 and 8.62 to mitigate the vulnerability.
How sources frame it
- Mandiant And Google Threat Intelligence Group: neutral
This incident highlights the rapid exploitation of a critical Oracle PeopleSoft vulnerability by ShinyHunters, emphasizing the importance of swift patch deployment and sector-specific threat awareness, especially in...
All evidence
All evidence
Oracle PeopleSoft zero‑day fuels ShinyHunters extortion spree
CSO Online · csoonline.com · 2026-06-12 09:05 UTC
NCSC-2026-0195 [1.00] [M/H] Kwetsbaarheid verholpen in Oracle PeopleSoft Enterprise PeopleTools
NCSC NL Security Advisories · advisories.ncsc.nl · 2026-06-12 07:25 UTC
Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters
SecurityWeek · securityweek.com · 2026-06-12 06:44 UTC
UPDATE ALERT Oracle PeopleSoft PeopleTools: CVSS (Max): 9.8
AusCERT - Bulletins · portal.auscert.org.au · 2026-06-12 03:31 UTC
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
thehackernews · thehackernews.com · 2026-06-11 20:29 UTC
ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit
Mandiant Blog · cloud.google.com · 2026-06-11 14:00 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 6Origin domains: 6Duplicates: -
Showing 6 / 0
Top publishers (this list)
- CSO Online (1)
- NCSC NL Security Advisories (1)
- SecurityWeek (1)
- AusCERT - Bulletins (1)
- thehackernews (1)
- Mandiant Blog (1)
Top origin domains (this list)
- csoonline.com (1)
- advisories.ncsc.nl (1)
- securityweek.com (1)
- portal.auscert.org.au (1)
- thehackernews.com (1)
- cloud.google.com (1)