- ShinyHunters likely behind CVE-2026-35273 attack against Oracle PeopleSoft
- Versions 8.61 and 8.62 affected, users urged to take “immediate action”
- Google’s Mandiant notified over 100 organizations
Oracle PeopleSoft servers, used by universities, businesses and public sector organizations, are the target of a new attack from extortion group ShinyHunters, researchers have revealed.
The attackers claim to have compromised more than 100 organizations and exfiltrated data from approximately 300 PeopleSoft instances, exploiting a vulnerability identified as CVE-2026-35273.
Victims reportedly received demands signed by ShinyHunters threatening to release the stolen data unless a ransom was paid, with another researcher adding that it could be “a group impersonating them”, implying that the group has not yet taken responsibility for the attacks.
Oracle PeopleSoft customers vulnerable to attacks and ransom demands
“This vulnerability is remotely exploitable without authentication,” Oracle added in a June 10 security advisory. “If successfully exploited, this vulnerability can lead to remote code execution.”
Separately, researchers at Google’s Mandiant tracked the “critical remote code execution vulnerability,” with a CVSS rating of 9.8, between May 27 and June 9, 2026. “Because this activity predates Oracle’s June 10, 2026 advisory, the vulnerability was exploited as a zero-day,” the researchers added.
Oracle is urging users to take “immediate action” to apply the patch, which fixes versions 8.61 and 8.62.
In addition to Oracle’s notice, Google says it alerted more than 100 global organizations whose IP addresses matched potentially vulnerable endpoints. Two-thirds (68%) of them were higher education institutions and most of the victims were also based in the United States.
Mandiant urges users to check logs for suspicious access between late May and early June and apply Oracle’s security update, regardless of whether they were attacked.
Via BeepComputer
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
