ShinyHunters Exploits Oracle PeopleSoft Zero-Day, Targets Over 100 Higher Education Institutions
By
Linn Freedman
Summary
Researchers from Mandiant and Google Threat Intelligence Group warn that the ShinyHunters hacking group has exploited an Oracle PeopleSoft zero-day vulnerability (CVE-2026-35273) to potentially infiltrate over 100 organizations, primarily in the higher education sector. The vulnerability allows unauthorized remote code execution and server takeover. ShinyHunters has begun publishing names of compromised victims and stolen data. Oracle has released mitigation steps.
Source
Key quotes
· 3 pulledShinyHunters has exploited an Oracle PeopleSoft zero-day vulnerability and has "potentially infiltrated the networks of more than 100 organizations in an attack spree that largely impacted higher education."
The vulnerability (CVE-2026-35273) "allows unauthorized attackers to execute remote code and takeover affected servers."
ShinyHunters has reportedly started publishing the names of the compromised victims and stolen data.
You might also wanna read

CVE-2026-35273: Oracle PeopleSoft RCE Zero-Day Explained
ShinyHunters defaces school Canvas login pages after Instructure data breach
Education tech company Instructure disclosed a data breach where hackers stole student names, emails, and teacher-student messages. The cybe
Google Confirms Data Breach in Salesforce CRM Theft Campaign by ShinyHunters
Google has become the latest victim of a data breach in a series of Salesforce CRM data theft attacks orchestrated by the ShinyHunters extor
Security Researchers Discover RCE Chain in PostHog Analytics Platform Through SSRF, ClickHouse Zero-Day, and Default PostgreSQL Credentials
A security research team discovered multiple critical vulnerabilities in PostHog analytics platform that could be chained together for remot
mdisec.com·6mo ago
Vercel Cloud Platform Hacked via Compromised Third-Party AI Tool
Vercel, a major cloud development platform, was hacked by the ShinyHunters group, who stole employee data including names, email addresses,
Canvas offline after ShinyHunters data breach exposes student information
Canvas, the Instructure-owned learning management platform, is currently down after confirming a massive data breach exposing student names,

Comments
Sign in to join the conversation.
No comments yet. Be the first.