ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

Thursday, June 11, 2026 at 08:29 PM UTC·Source: The Hacker News

Updated: Thursday, June 11, 2026 at 09:00 PM UTC

Executive Summary

The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its advisory until June 10, so the bug was a

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-35273

NVD MITRE CVE

Source Attribution

Originally published by The Hacker News on Jun 11, 2026.

Related Threats

CRITICALZero Day

Oracle PeopleSoft zero‑day fuels ShinyHunters extortion spree

A newly disclosed Oracle PeopleSoft zero-day became the weapon of choice in a recent ShinyHunters extortion campaign that primarily targeted universities and other educational institutes. Attackers exploited the critical remote code execution (RCE) flaw in PeopleSoft’s Environment Management component that Oracle started warning customers about on June 10, 2026. In an advisory , the company urged

CVE-2026-35273

1h agoCSO Online

CRITICALZero Day

Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters

Oracle has mitigated CVE-2026-35273, but it has not publicly confirmed the vulnerability’s in-the-wild exploitation. The post Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters appeared first on SecurityWeek .

CVE-2026-35273

3h agoSecurityWeek

CRITICALZero Day

Oracle mitigates PeopleSoft zero-day exploited in data theft attacks

Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. [...]

CVE-2026-35273

14h agoBleepingComputer