ShinyHunters exploits Oracle PeopleSoft zero-day to breach 100+ organizations, including University of Nottingham
The cybercriminal group ShinyHunters exploited a critical, unpatched vulnerability (CVE-2026-35273) in Oracle's PeopleSoft software to compromise more than 100 organizations, with approximately 68% being higher education institutions. The University of Nottingham was among the first confirmed victims, with 40 GB of student data including personal information, payment records, and passport numbers stolen and published. The breach highlights a broader pattern of ShinyHunters targeting vulnerable enterprise software used by educational institutions for extortion purposes.
ShinyHunters, a data theft and extortion group, exploited a critical zero-day vulnerability in Oracle PeopleSoft—enterprise software used for human resources, payroll, and student records management—to breach more than 100 organizations between May 27 and June 9. The University of Nottingham was among the first publicly confirmed victims, with attackers stealing approximately 40 GB of data containing names, addresses, phone numbers, ethnicities, disabilities, passport numbers, and academic enrollment information from 455,000 unique email addresses. Google's Mandiant and Threat Intelligence Group confirmed the campaign and notified affected organizations after the attacks occurred; Oracle issued a security advisory on June 10 but had not released a patch at the time of reporting. The vulnerability (CVE-2026-35273) has a CVSS severity rating of 9.8 and allows remote, unauthenticated attackers to fully compromise PeopleSoft systems via HTTP. Most affected organizations are based in the United States, with approximately 68% operating in the higher education sector, reflecting ShinyHunters' established pattern of targeting educational institutions for extortion.
What's missing
The sources do not provide information on whether any of the 100+ affected organizations have paid ransom demands or details on the specific ransom amounts requested by ShinyHunters.
What different sources said
- Channel NewsAsiaCenter
Google says ShinyHunters hackers targeting education sector via Oracle exploit
- The RegisterCenter
ShinyHunters hacked 100+ orgs by exploiting an Oracle PeopleSoft 0-day
- TechCrunchCenter
Oracle warns of security bug that hackers abused to breach 100+ companies
- The RegisterCenter
Nottingham Uni says student records raided after ShinyHunters claims cyberattack
Related
SpaceX Launches 24 Starlink Satellites as Company Prepares for IPO
SpaceX launched 24 Starlink satellites from Vandenberg Space Force Base in California on June 11, 2026, with the first-stage booster completing its 34th mission. The launch occurred during the same week as SpaceX's highly anticipated IPO on NASDAQ, which has drawn over $100 billion in retail orders. The mission increased the Starlink megaconstellation to more than 10,600 satellites, marking SpaceX's 67th Falcon 9 launch of the year.
SpaceX's First Employee Tom Mueller Reflects on Company's Historic IPO
Tom Mueller, SpaceX's first employee and head of propulsion research, praised the company's upcoming initial public offering as validation of its mission to make space exploration affordable. Mueller met Elon Musk through an amateur rocket club and joined SpaceX in 2002, helping develop the Falcon 9 rocket engines. The IPO represents a milestone for the space industry and could make Musk the world's first trillionaire.
AI Governance Gaps Emerge Across Government and Private Sector
Australian government agencies have largely failed to meet transparency deadlines for disclosing their AI use, with only 43% meeting a February 2025 deadline, while separately, 90% of security leaders report concerns about AI-generated code outpacing security oversight mechanisms. These failures highlight systemic challenges in regulating rapidly evolving AI technology across both public and private sectors. The gaps underscore broader questions about whether self-regulation and existing frameworks can adequately manage AI risks as adoption accelerates.