π‘οΈ π¨ BREAKING: ShinyHunters Exploits Oracle PeopleSoft Zero-Day CVE-2026-35273 β University Networks Actively Breached
Published Thursday, June 11, 2026 at 03:54 PM PT BLUF: Threat actor ShinyHunters is actively exploiting a zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft to breach university networks. All higher education institutions running Oracle PeopleSoft should treat this as an active threat requiring immediate action. No patch status confirmed at time of publication. DETAILS ShinyHunters β a financially motivated threat actor with a documented history of large-scale data theft and extortion β has been attributed to active exploitation of CVE-2026-35273 in Oracle PeopleSoft. The vulnerability is described as a zero-day, meaning exploitation is occurring without a publicly available patch at the time of reporting. Patch availability has not been independently confirmed in the source material provided. Confirmed targets are universities; the number of affected institutions, specific names, and volume of data compromised are not confirmed in available reporting. The nature of the vulnerability (e.g., authentication bypass, RCE, SQL injection) is not specified in source material β treat all PeopleSoft attack surfaces as potentially in scope until Oracle publishes an advisory. ShinyHunters has previously exfiltrated and auctioned stolen data; data exposure for affected institutions should be assumed until ruled out. IMPACT Who: Higher education institutions globally running Oracle PeopleSoft β commonly used for student information systems (SIS), HR, and financial data. Data at risk: Potentially includes student PII, financial records, employee data, and academic records β scope unconfirmed. Breadth: Number of breached institutions unknown at this time. Assume threat is ongoing and opportunistic. RECOMMENDED ACTIONS Immediately audit Oracle PeopleSoft internet-facing instances for signs of unauthorized access, unusual queries, or lateral movement. Restrict external access to PeopleSoft portals where operationally feasible pending patch availability. Monitor Oracleβs security advisory portal (https://www.oracle.com/security-alerts/) for an emergency patch or mitigation guidance for CVE-2026-35273. Review logs for indicators of compromise associated with ShinyHunters TTPs, including bulk data staging and exfiltration activity. Notify incident response teams and legal/compliance functions now β student and employee PII exposure may trigger regulatory notification obligations (FERPA, GDPR, state breach laws). Do not wait for Oracle confirmation before initiating defensive measures. β οΈ UNCERTAINTY FLAGS Patch availability, vulnerability class, and full victim list are unconfirmed in source material. CVE-2026-35273 is a future-dated identifier β verify against Oracleβs official CVE registry before finalizing internal reporting. SOURCES The Hacker News β ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities Additional context: Broader active exploitation trend across enterprise platforms (Cisco SD-WAN, PAN-OS, Oracle WebLogic) suggests elevated threat environment for unpatched infrastructure.