- ShinyHunters is likely behind the CVE-2026-35273 attack on Oracle’s PeopleSoft
- Versions 8.61 and 8.62 are affected, users are encouraged to take “immediate action”
- Google’s Mandiant informed over 100 organizations
Oracle PeopleSoft servers used by universities, businesses and public sector organizations are being targeted in a new attack by the ShinyHunters extortion group, researchers have revealed.
The attackers claim to have compromised more than 100 organizations and exfiltrated data from about 300 PeopleSoft instances by exploiting a vulnerability tracked as CVE-2026-35273.
Victims have reportedly received demands signed by ShinyHunters threatening to release stolen data unless a ransom is paid, with another researcher adding that it could be “a group impersonating them”, suggesting the group has yet to claim responsibility for the attacks.
Oracle PeopleSoft customers vulnerable to attacks and ransom demands
“This vulnerability can be remotely exploited without authorization,” Oracle added in a June 10 security advisory. “If exploited, this vulnerability could result in remote code execution.”
Researchers from Google’s Mandiant, tracking the “critical remote execution vulnerability,” each assessed a CVSS 9.8 score between May 27 and June 9, 2026. “Because this activity predates Oracle’s June 10, 2026 advisory, the vulnerability was exploited as a zero-day,” the research added.
Oracle is urging users to take “immediate action” to apply the patch, which fixes versions 8.61 and 8.62.
In addition to Oracle’s advisory, Google says it alerted over 100 global organizations whose IP addresses correlated with potentially vulnerable endpoints. Two-thirds (68%) of them were institutions of higher learning, and most of the victims were also based in the United States.
Mandiant encourages users to check logs for suspicious access between late May and early June, and to apply Oracle’s security update regardless of whether they have been attacked or not.
Via Bleeping Computer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
