WireByte

Home / Latest

ShinyHunters Allegedly Exploits Oracle PeopleSoft Zero-Day, Targeting Hundreds of Servers
Image: Wikipedia
Latest

ShinyHunters Allegedly Exploits Oracle PeopleSoft Zero-Day, Targeting Hundreds of Servers

WireByte Staff · June 12, 2026

The extortion group ShinyHunters is reportedly exploiting a critical zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft versions 8.61 and 8.62. The attackers claim to have compromised approximately 300 servers globally, impacting universities, businesses, and public sector organizations. Oracle urges immediate patching of the remotely exploitable vulnerability.

Key points

  • The extortion group ShinyHunters is accused of exploiting a critical zero-day vulnerability, CVE-2026-35273, affecting Oracle PeopleSoft versions 8.61 and 8.62.
  • The vulnerability is remotely exploitable without authentication and could lead to remote code execution, with a CVSS score of 9.8.
  • Researchers tracked exploitation between May 27 and June 9, 2026, before Oracle's June 10 security advisory, indicating it was a zero-day.
  • ShinyHunters claims to have compromised around 300 PeopleSoft instances across over 100 organizations, including universities and public sector entities.
  • Victims have reportedly received ransom demands from ShinyHunters, threatening data release if payments are not made.
  • Oracle has issued an urgent advisory, urging customers to apply available patches immediately to mitigate the risk.

Oracle PeopleSoft servers are under attack, with the extortion group ShinyHunters reportedly exploiting a critical zero-day vulnerability. The attackers claim to have breached approximately 300 instances of PeopleSoft, impacting a wide range of organizations including universities, businesses, and public sector entities globally.

The vulnerability, tracked as CVE-2026-35273, allows for remote code execution without authentication. Researchers from Google's Mandiant confirmed they were tracking the exploitation of this vulnerability between May 27 and June 9, 2026, prior to Oracle's official security advisory on June 10. This timeline indicates the vulnerability was exploited as a zero-day.

Victims have allegedly received ransom demands signed by ShinyHunters, with threats to release exfiltrated data if demands are not met. Oracle has released a security advisory urging all customers to take immediate action to apply the necessary patches to protect their systems from this critical threat.

Sources

WireByte Staff — Editorial Team

The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.