- The ShinyHunters cybercrime group exploited a critical zero-day flaw in Oracle PeopleSoft to steal data from enterprise systems.
- The vulnerability, CVE-2026-35273, allows unauthenticated remote code execution and was actively exploited before a patch was available.
- Higher education institutions were the primary targets, with Google’s Mandiant notifying over 100 organizations, 68% of which were universities.
- Attackers used a custom script to move laterally across networks and exfiltrate data, which was subsequently posted to a public leak site.
The ShinyHunters extortion crew launched a campaign in late May 2026, exploiting an unpatched flaw in Oracle PeopleSoft to breach enterprise systems and steal sensitive data. According to reports, they primarily targeted universities, demanding payment to keep the stolen information private.
The critical vulnerability, tracked as CVE-2026-35273, allowed remote code execution without any login credentials. Consequently, attackers could take over servers simply by having network access over HTTP.
Mandiant CTO Charles Carmakal confirmed the bug was being exploited in the wild. Meanwhile, attackers left their own infrastructure exposed, which researchers publicly flagged.
Operational details revealed custom remote-management agents and a lateral-movement script designed to spread across internal networks. This script then compressed stolen data and connected to the attackers’ leak site.
The University of Nottingham has been confirmed as a victim, with data covering approximately 455,000 individuals leaked online. However, ShinyHunters claims more victim announcements are forthcoming.
Oracle’s immediate guidance was to disable the vulnerable Environment Management Hub service or block external access to specific endpoints. Organizations are urged to hunt for signs of compromise, such as unexpected files or unusual outbound traffic.
This attack marks a significant escalation for ShinyHunters, which has typically relied on social engineering. Exploiting a server-side zero-day in on-premises ERP software represents a more sophisticated approach.
