Oracle warns customers of critical PeopleSoft attack after hundreds of
servers hacked by apparent ShinyHunters data theft attacks
Date:
Fri, 12 Jun 2026 11:20:00 +0000
Description:
High-severity CVSS 9.8 PeopleSoft vulnerability caused over 100 organizations to become victims, including universities.
FULL STORY ======================================================================
- ShinyHunters likely behind the CVE-2026-35273 attack on Oracle's PeopleSoft
- Versions 8.61 and 8.62 affected, users urged to take "immediate action"
- Google's Mandiant informed over 100 organizations

Oracle PeopleSoft servers, used by universities, businesses and public sector organizations, are being targeted in a new attack by extortion group ShinyHunters, researchers have revealed.
The attackers claim to have compromised more than 100 organizations, and exfiltrated data from around 300 PeopleSoft instances, by exploiting a vulnerability tracked as CVE-2026-35273. Victims have reportedly received demands signed by ShinyHunters threatening to release stolen data unless a ransom is paid, with another researcher adding that it could be "a group impersonating them," implying the group has not yet taken accountability for the attacks.

Oracle PeopleSoft customers vulnerable to attacks and ransom demands

"This vulnerability is remotely exploitable without authentication," Oracle added in a June 10 security advisory. "If successfully exploited, this vulnerability may result in remote code execution."
Separately, researchers from Google's Mandiant said they were tracking the "critical remote code execution vulnerability", rated a CVSS 9.8 score, between May 27 and June 9 2026. "Because this activity predates Oracle's June 10, 2026 advisory, the vulnerability was exploited as a zero-day," the researchers added.
Oracle is urging users to take "immediate action" to apply the patch, which fixes versions 8.61 and 8.62.
Besides Oracle's advisory, Google says it alerted over 100 global organizations whose IP addresses correlated with potentially vulnerable endpoints. Two-thirds (68%) of them were higher education institutions, and most of the victims were also based in the US.
Mandiant urges users to check logs for suspicious access between late May and early June, and to apply Oracle's security update regardless of whether or
not they've been attacked.
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/oracle-warns-customers-of-critical-peoplesoft-attack-after-hundreds-of-servers-hacked-by-apparent-shinyhunters-data-theft-attacks
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)