Oracle PeopleSoft zero‑day fuels ShinyHunters extortion spree

A critical zero-day vulnerability in Oracle PeopleSoft's Environment Management component has been exploited by the ShinyHunters group in a recent extortion campaign, primarily targeting educational institutions. The remote code execution (RCE) flaw, which was first warned about by Oracle on June 10, 2026, allows attackers to execute malicious code remotely. Despite Oracle's advisory urging immediate patching, the vulnerability has already been leveraged in attacks, with Google Cloud's threat intelligence team reporting on the campaign's unfolding. The fact that attackers were able to exploit the flaw so quickly highlights the importance of prompt patching¹. This incident underscores the need for organizations to assess their exposure to such vulnerabilities and take swift action to mitigate potential risks, as the window for patching is rapidly diminishing. The exploitation of this zero-day vulnerability by ShinyHunters has significant implications for the security of educational institutions and other organizations that rely on Oracle PeopleSoft.