The ShinyHunters cybercrime group exploited a zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft between May 27 and June 9 to breach enterprise systems, primarily targeting universities. The attacks involved data theft and extortion demands, with Oracle not releasing a security advisory until June 10, after the exploitation window had closed.
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its advisory until June 10, so the bug was a
Originally published at thehackernews.com
60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.
