CRITICALZero Day
Global

ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw

·Source: CyberScoop

Updated:

Executive Summary

Oracle still hasn't patched the vulnerability the group has been using in its attacks since late May. The post ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw appeared first on CyberScoop .

Analysis

Oracle still hasn't patched the vulnerability the group has been using in its attacks since late May. The post ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw appeared first on CyberScoop .
Source Attribution

Originally published by CyberScoop on Jun 12, 2026.

Related Threats

CRITICALZero Day

GreatXML zero-day BitLocker bypass doesn’t seem to work, yet

A disgruntled researcher who has been publishing zero-day Microsoft Windows vulnerabilities for the past several months released a new exploit Thursday that promises to bypass BitLocker encryption on locked devices. A well respected security expert reported that the exploit doesn’t work as initially described, but the researcher is looking for ways to fix it. Dubbed GreatXML, the exploit is suppos

CSO Online
CRITICALZero Day

ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed

A major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data.

Dark Reading
CRITICALZero Day

Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)

Overview On June 10, 2026, Oracle published a security alert for CVE-2026-35273 , a critical vulnerability in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools. Oracle released an out-of-band patch the same day as the advisory, underscoring the urgency of remediation. The vulnerability has a CVSSv3.1 score of 9.8 and is remotely exploitable without authentication. P

CVE-2026-35273CVE-2013-3821
Rapid7