ShinyHunters Exploit Oracle PeopleSoft Zero-Day

The hacker group ShinyHunters has exploited an undiscovered vulnerability in Oracle PeopleSoft to infiltrate the systems of several universities. These attacks occurred between May 27 and June 9, 2026. The group, identified by Google’s Mandiant as UNC6240, has stolen data and is now demanding ransom to keep the information confidential.

The vulnerability is assigned the CVE number CVE-2026-35273. Oracle released a security update only on June 10, 2026, meaning that the flaw was unprotected during the attacks. The affected universities have already taken measures to mitigate the impact of the incident and secure their systems. The attacks specifically targeted educational institutions, which often have fewer resources for cybersecurity.

Mandiant reports that the group was specifically searching for sensitive data that could be used for extortion. The stolen information could include personal data of students and staff, significantly increasing the risks for the affected institutions. ShinyHunters is known for its aggressive extortion tactics and has previously conducted similar attacks on other organizations. The group has built a reputation for exploiting zero-day vulnerabilities, making their attacks particularly dangerous. The current campaign highlights the importance of timely implementation of security updates.

The response of the affected universities to the incident varies. Some have already reviewed and strengthened their IT security protocols, while others are still assessing the damage. Experts warn that such attacks could increase in the future, especially if vulnerabilities are not quickly addressed. The vulnerability in Oracle PeopleSoft is not the first of its kind exploited by ShinyHunters. The group has previously identified and exploited similar flaws in various software solutions.

This raises questions about the overall security of enterprise software, particularly in critical areas such as education and healthcare. The incidents have also drawn the attention of regulatory authorities, who are now scrutinizing the security practices of educational institutions more closely. New policies aimed at improving cybersecurity in schools and universities are expected to be developed. The need to quickly close security gaps is seen as crucial to preventing future attacks. The vulnerability CVE-2026-35273 not only affects universities but could also endanger other organizations using Oracle PeopleSoft.

Organizations are urged to promptly review their systems and install the latest security updates. According to Oracle, the affected versions of PeopleSoft are in use in many large companies and institutions. The incidents underscore the ongoing threat of cybercrime and the necessity for organizations to take proactive measures to secure their systems. Experts recommend regular training for employees and the implementation of layered security strategies to minimize the risk of data loss. The vulnerability was officially confirmed by Oracle on June 10, 2026, highlighting the urgency of the situation.