ShinyHunters exploit Oracle PeopleSoft zero-day

The hacker group ShinyHunters exploited an undiscovered vulnerability in Oracle PeopleSoft, known as CVE-2026-35273, to infiltrate the systems of several universities. These cyberattacks occurred between May 27 and June 9, 2026, resulting in massive data loss. The group demanded ransom from the affected institutions to avoid publishing the stolen data.

The security firm Mandiant, which is part of Google, identified the ShinyHunters attacks as part of its ongoing monitoring of the group known as UNC6240. Mandiant analyzed the group's activities and found that they specifically targeted educational institutions. The attacks are particularly concerning as they target inadequately protected systems containing sensitive information.

Oracle releases security warning

Oracle released a security warning on June 10, 2026, regarding the vulnerability exploited by ShinyHunters. The delay between the occurrence of the attacks and the release of the warning put many universities in a difficult position. The affected institutions were unaware of the threat until their systems had already been compromised.

The vulnerability in Oracle PeopleSoft allows attackers to gain unauthorized access to the systems and steal data. This type of attack is not new; however, the targeted focus on educational institutions in this case has taken on alarming dimensions. The stolen data could include personal information of students and staff, significantly worsening the security situation at the affected universities.

The ShinyHunters group is known for its aggressive tactics and has previously conducted similar attacks across various industries. Their approach often involves exploiting vulnerabilities in widely used software to infiltrate systems and steal data. The group has earned a reputation as one of the most active and dangerous hacker groups.

Reactions from affected universities

The affected universities responded to the attacks by reviewing their systems and strengthening security measures. Many institutions informed their students and staff about the incidents and urged them to remain vigilant. The universities now face the challenge of restoring trust among those affected and ensuring that their systems are better protected in the future.

The incidents have also sparked a broader discussion about cybersecurity in the education sector. Experts warn that educational institutions often lack the necessary resources to protect themselves against such attacks. The attacks by ShinyHunters could serve as a wake-up call for many institutions to rethink and improve their security strategies.

The security situation in the field of cybersecurity remains tense, especially for organizations dealing with sensitive data. The attacks on universities by ShinyHunters are an example of the growing threat posed by cybercrime and the need to take proactive measures to prevent such incidents.