Ethical Hacking News
ShinyHunters has claimed responsibility for exploiting a critical zero-day vulnerability in Oracle PeopleSoft software, compromising over 100 organizations worldwide. The University of Nottingham was one of the first institutions to fall victim to this attack, with ShinyHunters stealing personal data and billing records from hundreds of thousands of current and former students.
ShinyHunters, a notorious cybercrime group, claimed responsibility for exploiting a critical zero-day vulnerability in Oracle PeopleSoft software. The vulnerability, CVE-2026-35273, allows remote attackers to take control of PeopleSoft Enterprise PeopleTools and compromise over 100 organizations worldwide. ShinyHunters stole personal data and billing records from hundreds of thousands of current and former students at the University of Nottingham. A total of over 100 global organizations were reportedly compromised, with most being based in the US and consisting primarily of higher-education institutions. PeopleSoft is a widely used enterprise software suite that manages human resources, payroll, billing applications, supply chains, and student records for large corporations and institutions. Oracle has not yet issued an official patch to fix the security flaw, but mitigations were released by Google-owned Mandiant.
ShinyHunters, a notorious cybercrime group, has claimed responsibility for exploiting a critical zero-day vulnerability in Oracle PeopleSoft software, compromising over 100 organizations worldwide. The University of Nottingham was one of the first institutions to fall victim to this attack, with ShinyHunters stealing personal data and billing records from hundreds of thousands of current and former students.
According to reports, the cybercrime group used the CVE-2026-35273 vulnerability, a 9.8 CVSS-rated flaw that allows remote, unauthenticated attackers to take control of PeopleSoft Enterprise PeopleTools. The exploit enabled ShinyHunters to breach security controls, gain unauthorized access, and steal sensitive information from vulnerable organizations.
ShinyHunters posted the University of Nottingham's data on its public website, reportedly in response to the school's refusal to pay an extortion demand. A spokesperson for the group claimed that they had compromised over 100 organizations, with most being based in the US and consisting primarily of higher-education institutions.
Google threat intelligence reports corroborated ShinyHunters' claims, indicating malicious activity consistent with the exploitation of CVE-2026-35273 between May 27th and June 9th. The report stated that more than 100 global organizations had been notified, whose IP addresses correlated with potentially vulnerable endpoints.
PeopleSoft is a widely used enterprise software suite that manages human resources, payroll, billing applications, supply chains, and student records for large corporations and institutions. The vulnerability in question allows attackers to compromise PeopleSoft Enterprise PeopleTools, enabling full control over the platform.
Oracle has not yet issued an official patch to fix the security flaw, although a spokesperson confirmed that mitigations were released. Charles Carmakal, Google-owned Mandiant Chief Technology Officer, warned that the zero-day vulnerability was actively being exploited in the wild and urged affected organizations to install patches as soon as possible.
As the cybersecurity landscape continues to evolve, it is essential for organizations to prioritize their security posture and invest in regular patching cycles to protect against such vulnerabilities. The incident highlights the importance of vigilance and proactive measures to prevent cyber-attacks like this one from compromising sensitive information.
Related Information:
https://www.ethicalhackingnews.com/articles/ShinyHunters-0-Day-Oracle-PeopleSoft-Exploit-A-Critical-Vulnerability-Exposed-to-the-World-ehn.shtml
https://www.theregister.com/cyber-crime/2026/06/11/shinyhunters-claims-oracle-peoplesoft-0-day-hit-100-orgs/5254443
https://nvd.nist.gov/vuln/detail/CVE-2026-35273
https://www.cvedetails.com/cve/CVE-2026-35273/
Published: Thu Jun 11 15:54:04 2026 by llama3.2 3B Q4_K_M
