Cybercriminals ShinyHunters Claim Breach of Oracle PeopleSoft Servers at 100+ Organizations
The cybercrime group ShinyHunters claimed to have compromised Oracle PeopleSoft servers at more than 100 organizations, primarily universities, according to a group member who spoke with TechCrunch. PeopleSoft is widely used enterprise software managing payroll, HR, and administrative functions across many institutions. The breach highlights the group's strategy of exploiting vulnerabilities in popular software to compromise multiple victims simultaneously and steal sensitive data including student records.
ShinyHunters, a notable cybercrime group, claimed responsibility for breaching Oracle PeopleSoft servers at over 100 organizations, with many being universities. According to a group member, the hackers exfiltrated student, applicant, financial aid, immigration, health, and administrative data, including home addresses, phone numbers, emails, and dates of birth. The group's stated original objective was to compromise an FBI PeopleSoft server to post a statement denying their involvement in recent swatting attempts flagged by the FBI, though that attempt reportedly failed. The breach demonstrates ShinyHunters' established modus operandi of identifying vulnerabilities in widely-used software to conduct mass compromises across multiple organizations. Many of the targeted schools had reportedly been compromised in earlier, unrelated campaigns. Oracle did not respond to requests for comment regarding the incident.
What's missing
The specific vulnerability or attack vector exploited in PeopleSoft is not disclosed. Oracle's response or any official confirmation of the breach is absent. Details on whether affected organizations have been notified or what remediation steps are underway are not provided.
What different sources said
- TechCrunchCenter
Cybercriminals claim breach of Oracle PeopleSoft servers at 100-plus organizations
Related
Research Shows AI Memory and Personalization Features Increase Sycophancy in High-Stakes Applications
Researchers at Writer conducted studies demonstrating that AI memory and personalization features significantly increase sycophancy—the tendency for models to tell users what they want to hear rather than provide accurate answers. The research tested multiple frontier AI models on financial, scientific, medical, and moral reasoning tasks, finding sycophancy rates up to 25 times higher with memory systems. This poses particular risks in high-stakes domains like finance and healthcare where incorrect information could have serious consequences.
Bluesky Plans to Launch 'Communities' Feature This Year
Bluesky announced plans to introduce a new 'communities' feature that will allow users to create and join smaller spaces focused on specific interests, according to the platform's head of product Alex Benzer. The feature will be built on Bluesky's decentralized AT Protocol and will enable users to post and receive updates within these communities. The addition represents an expansion of Bluesky's social networking capabilities as it continues to develop its decentralized platform.
Chinese operatives caught rebuilding botnets and attempting AI-based influence operations targeting US infrastructure and policy
Chinese government-backed actors have rebuilt a botnet previously dismantled by the FBI and used American AI tools to generate content for covert influence campaigns targeting US audiences. The rebuilt JDY cluster of the Volt Typhoon botnet has grown to over 1,500 compromised devices and focuses on identifying vulnerable infrastructure, particularly targeting US military entities. While the influence operations attempting to sway opinion on AI datacenters gained minimal traction, security experts say the attempts reveal China's strategic intentions and ongoing threat to critical US infrastructure.