All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

ShinyHunters actively exploiting critical Oracle PeopleSoft vulnerability; CISA adds to known exploited list

By

Dirk Knop

5h ago· 2 min readenNews
Bagel score 75 of 100
75/100
Toasty
Bagelometer

Crusty in the right places. Worth the chew.

Score75TypenewsSentimentnegative

Summary

A critical code injection vulnerability in Oracle PeopleSoft PeopleTools was disclosed last Thursday. The criminal cyber gang ShinyHunters is actively exploiting this vulnerability, according to IT security researchers. Oracle issued an out-of-cycle security patch outside its regular quarterly update schedule. The US cybersecurity authority CISA has added the vulnerability to its "Known Exploited Vulnerabilities" catalog, indicating active exploitation and urging organizations to patch immediately.

Key quotes

· 3 pulled
The criminal online gang ShinyHunters is apparently already attacking the vulnerability, warn IT researchers.
The US IT security authority CISA has also added the vulnerability to the 'Known Exploited Vulnerabilities' catalog.
Oracle had warned about the security vulnerability outside the usual quarterly 'Critical Patch Updates' (CPU) and the new 'Critical Security Patch Updates' (CSPU) introduced in the months in between.
Snippet from the RSS feed
The criminal group ShinyHunters is attacking the critical security vulnerability in Oracle PeopleSoft that became known over the weekend.

You might also wanna read

Google Confirms Data Breach in Salesforce CRM Theft Campaign by ShinyHunters

Google has become the latest victim of a data breach in a series of Salesforce CRM data theft attacks orchestrated by the ShinyHunters extor

bleepingcomputer.com·10mo ago

ShinyHunters defaces school Canvas login pages after Instructure data breach

Education tech company Instructure disclosed a data breach where hackers stole student names, emails, and teacher-student messages. The cybe

TechCrunch·1mo ago

PornHub Premium Member Data Stolen in Mixpanel Breach, Extortion Attempt by ShinyHunters

PornHub is being extorted by the ShinyHunters gang after hackers stole Premium member search and watch history data through a breach at anal

bleepingcomputer.com·5mo ago

Checkout.com Responds to Cyber Extortion Attempt Targeting Legacy System

Checkout.com experienced a cyber extortion attempt by the criminal group 'ShinyHunters' who gained unauthorized access to a legacy third-par

checkout.com·7mo ago

Security Researchers Discover Indirect Prompt Injection Vulnerability in Perplexity Comet AI Browser

Brave security researchers discovered a critical vulnerability called "indirect prompt injection" in Perplexity Comet, an AI-powered browser

brave.com·9mo ago

Canvas offline after ShinyHunters data breach exposes student information

Canvas, the Instructure-owned learning management platform, is currently down after confirming a massive data breach exposing student names,

The Verge·1mo ago