ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

Jun 12, 2026 12:02 AM

Tags: advisory, breach, data, exploit, extortion, flaw, group, mandiant, oracle, zero-day

The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest.Google’s Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its advisory until June 10, so the bug was a

First seen on thehackernews.com

Jump to article: thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html

also interesting:

CVE-2025-61882: Frequently Asked Questions About Oracle E-Business Suite (EBS) Zero-Day and Associated Vulnerabilities
CVE-2025-61882: Frequently Asked Questions About Oracle E-Business Suite (EBS) Zero-Day and Associated Vulnerabilities
Cybersecurity Snapshot: Global Agencies Target Criminal “Bulletproof” Hosts, as CSA Unveils Agentic AI Risk Framework
13 ways attackers use generative AI to exploit your systems

Collecting Cyber-News from over 60 sources

X
LinkedIn
RSS Feed
Mail

Here I provide a database that gathers and curates the latest news on Cybersecurity. Being well-informed is the key to successfully respond on security threats.

Imprint | Privacy Policy | Contact