ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

2026-06-11

1 min read

by info@thehackernews.com (The Hacker News)

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Oracle PeopleSoft zero-day CVE-2026-35273 was exploited by ShinyHunters to breach universities and exfiltrate personal data.

•RCE vulnerability in PeopleTools 8.61/8.62 requires only network access with no authentication or user interaction
•Attackers breached 68% higher education institutions using custom MeshCentral agents and SSH lateral movement
•University of Nottingham leaked 455,000 records containing names, addresses, passport numbers, ethnicity, and disability details
•Mitigation: disable PSEMHUB service or block /PSEMHUB/* and /PSIGW/HttpListeningConnector endpoints externally

This summary was automatically generated by AI based on the original article and may not be fully accurate.

Related Articles