Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign

A critical zero-day vulnerability in Oracle PeopleSoft was exploited by the ShinyHunters group to breach over 100 organizations, primarily universities, between May 27 and June 9. The flaw, which allowed for remote code execution, was used to target organizations before a patch was available, leaving them vulnerable to attack. Mandiant and Google's Threat Intelligence Group published an analysis of the campaign on June 11, just one day after Oracle issued an advisory for the vulnerability. The swift exploitation of this zero-day flaw highlights the importance of prompt patching, as the window for remediation is rapidly shrinking. The fact that ShinyHunters was able to breach so many organizations using this vulnerability¹ underscores the need for organizations to assess their exposure immediately. This campaign's success demonstrates that attackers can quickly leverage zero-day flaws to inflict significant damage, making timely patching crucial for preventing similar breaches.