Mandiant and GTIG identified an active UNC6240 (ShinyHunters) campaign exploiting CVE-2026-35273, a zero-day vulnerability in Oracle PeopleSoft.
- CVE-2026-35273 is a critical RCE vulnerability (CVSS 9.8) in the Environment Management component, exploited before Oracle's June 10 advisory
- Campaign targeted 68 percent of 100+ identified vulnerable organizations in the higher education sector
- Attackers deployed MeshCentral agents disguised as Azure services for command and control
- Attackers used SSH credential spraying for lateral movement and deployed defacement markers across systems
- Stolen data was compressed with zstd and published on the ShinyHunters Data Leak Site
This summary was automatically generated by AI based on the original article and may not be fully accurate.