A critical Oracle PeopleSoft vulnerability, tracked as CVE-2026-35273, was exploited as a zero-day by the ShinyHunters data theft and extortion group, compromising over 100 organizations and 300 vulnerable instances. The University of Nottingham was among the affected institutions: the group used the exploit to break into the university's PeopleSoft system, stole 40 GB of personal data and billing records belonging to hundreds of thousands of current and former students, and published the stolen files on its data leak site (The Register, 2026).

The disclosure of CVE-2026-35273 expands the active attack surface, so organizations should prioritize their response according to their own exposure and any evidence of exploitation. The incident underlines the importance of prompt patching and vulnerability management. Organizations running Oracle PeopleSoft should act immediately: assess their exposure to CVE-2026-35273 and apply patches to prevent similar breaches.
ShinyHunters hacked 100 orgs by exploiting an Oracle PeopleSoft 0-day
Why This Matters
CVE-2026-35273 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- The Register. (2026, June 11). ShinyHunters hacked 100 orgs by exploiting an Oracle PeopleSoft 0-day. *The Register*. https://www.theregister.com/cyber-crime/2026/06/11/shinyhunters-claims-oracle-peoplesoft-0-day-hit-100-orgs/5254443
Original Source
The Register