Summary Points
- ShinyHunters exploited a zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft, primarily targeting universities to steal sensitive data.
- The vulnerability allows remote code execution without user interaction, exposing servers with vulnerable PeopleSoft versions to potential takeover.
- Attackers left evidence—staging servers, scripts, and command-and-control data—leading cybersecurity firms to identify and warn impacted organizations.
- Immediate mitigation includes disabling or blocking access to vulnerable endpoints, applying available patches, and monitoring for signs of compromise.
Hackers Exploit Oracle Vulnerability to Target Universities
Recently, a cybercrime group known as ShinyHunters exploited a serious security flaw in Oracle’s PeopleSoft software. This flaw, identified as CVE-2026-35273, is a zero-day vulnerability, meaning it was unknown to Oracle until it was exploited. The hackers used this weakness to break into university systems, steal sensitive data, and threaten to release it unless they were paid. Most of the targeted institutions are based in the United States, and the breach has affected hundreds of thousands of students and alumni. The attack was possible because the vulnerability required no login or user interaction: the hackers only needed network access over HTTP to launch their attack. Once inside, they could take control of servers and move laterally within university networks.
Security Experts and Institutions Respond to the Threat
As the details of this attack became public, cybersecurity researchers traced the hackers’ activities through exposed servers and malicious files left behind. A team from Mandiant identified the hackers, tracking their activities across several IP addresses and uncovering their tools, including remote management agents disguised as legitimate software. They also found evidence of the hackers attempting to spread laterally within networks and establish persistent access. Mandiant notified over 100 organizations, including many universities, of possible vulnerabilities. Notably, the University of Nottingham confirmed it had experienced a breach, with data such as names, addresses, passport numbers, and other personal details exposed. In response, Oracle advised organizations to disable certain services or block specific endpoints until patches are deployed. However, the availability of a complete fix remains uncertain, emphasizing the importance of prompt mitigation measures.
