- ShinyHunters is likely behind the CVE-2026-35273 attack on Oracle’s PeopleSoft
- Versions 8.61 and 8.62 affected, users urged to take “immediate action”
- Google’s Mandiant informed more than 100 organizations
Oracle PeopleSoft servers, used by universities, businesses and public sector organizations, are under a new attack by the ShinyHunters extortion group, researchers revealed.
The attackers claim to have compromised more than 100 organizations and exfiltrated data from around 300 PeopleSoft instances by exploiting a vulnerability identified as CVE-2026-35273.
Victims have reportedly received lawsuits signed by ShinyHunters threatening to reveal stolen data unless a ransom is paid, with another researcher adding that it could be “a group impersonating them,” implying that the group has not yet claimed responsibility for the attacks.
Oracle PeopleSoft Customers Vulnerable to Attacks and Ransom Demands
“This vulnerability can be exploited remotely without authentication,” Oracle added in a June 10 security advisory. “If successfully exploited, this vulnerability can lead to remote code execution.”
Separately, researchers at Google’s Mandiant were tracking the “critical remote code execution vulnerability,” rated with a CVSS score of 9.8, between May 27 and June 9, 2026. “Because this activity predates Oracle’s June 10, 2026 advisory, the vulnerability was exploited as a zero-day,” the researchers added.
Oracle urges users to take “immediate action” to apply the patch, which fixes versions 8.61 and 8.62.
In addition to Oracle’s notice, Google says it alerted more than 100 global organizations whose IP addresses correlated with potentially vulnerable endpoints. Two-thirds (68%) of them were higher education institutions and the majority of victims were also based in the United States.
Mandiant urges users to check logs for suspicious access between late May and early June, and apply the Oracle security update regardless of whether they have been attacked or not.
Through beepcomputer
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
