A zero-day vulnerability in Oracle PeopleSoft has been exploited by the ShinyHunters group to breach over 100 organizations worldwide, with a significant majority being higher education institutions. Research by Mandiant indicates that 68% of the targeted entities were universities and colleges running PeopleSoft, highlighting the severity of the vulnerability. The exploit has been used in an active extortion campaign, emphasizing the urgent need for affected organizations to assess their exposure. The fact that ShinyHunters was able to leverage this zero-day vulnerability to target a large number of organizations, including those in the higher education sector, underscores the importance of prompt patching and vulnerability management1. This breach matters to security practitioners because the window for patching is rapidly closing, and any delay could lead to significant consequences, including data breaches and financial losses.
ShinyHunters Hits Universities Via Oracle Zero-Day
⚠️ Critical Alert
Why This Matters
Zero-day activity targeting Google means patching windows are already closing — assess your exposure immediately.
References
- Bank Info Security. (2026, June 16). ShinyHunters Hits Universities Via Oracle Zero-Day. Bank Info Security. https://www.bankinfosecurity.com/shinyhunters-hits-universities-via-oracle-zero-day-a-31979
Original Source
Bank Info Security
Read original →