ShinyHunters exploits Oracle PeopleSoft vulnerability: The new hack
The ShinyHunters group is leveraging a zero-day in Oracle PeopleSoft to target universities and demand ransoms through extortion tactics.
The new hack shaking educational institutions
Security in enterprise management systems has once again been called into question following the revelation of a malicious campaign executed by the extortion group ShinyHunters. This time, the primary targets were universities, whose systems were compromised by exploiting a zero-day vulnerability in Oracle PeopleSoft software.
The incident, identified under code CVE-2026-35273, allowed attackers to access sensitive information, steal data, and subsequently demand payment to prevent its public release. These types of ransomware and extortion attacks remain a critical threat, similar to what we have seen recently with other groups in the sector, as analyzed in our report on "The Gentlemen: El ascenso del nuevo gigante del ransomware".
Attack analysis: Chronology of a critical flaw
According to investigations by Mandiant (Google), the group responsible for these intrusions is tracked under the designation UNC6240. The malicious activity was concentrated in a critical period between May 27 and June 9.
The attacker's window of opportunity
The most concerning aspect of this incident is the time lag between the active exploitation and the manufacturer's response:
- Attack start: May 27.
- Patch release: Oracle issued its official advisory on June 10.
- Consequence: For nearly two weeks, the attackers operated unopposed, as the vulnerability had no available fix, leaving institutions completely exposed.
"The use of zero-day flaws by groups like ShinyHunters demonstrates increasing sophistication in the attack supply chain, prioritizing sectors with large volumes of personal data," analysts point out.
Lessons learned in cybersecurity
This event underscores the need to maintain constant vigilance over critical infrastructure updates. As with recent alerts where the "CISA warns of new vulnerabilities in Cisco and Chrome under attack", the speed of patch application is the only effective defense against groups that exploit flaws before they become public knowledge.
The attackers' strategy is no longer limited to file encryption; it has evolved toward data exfiltration, a psychological and financial pressure tactic that forces organizations to rethink their incident response protocols. In this context, prevention must involve proactive network log monitoring and strict segmentation of management databases.
Related articles
11 de julio de 2026
Condemna històrica: membre de la banda Ryuk ransomware admet la seva culpabilitat
Un ciutadà armeni es declara culpable als EUA pel desplegament de ransomware Ryuk, afrontant una possible sentència de 15 anys de presó.
11 de julio de 2026
Historic Conviction: Ryuk Ransomware Gang Member Admits Guilt
An Armenian national pleads guilty in the U.S. for deploying Ryuk ransomware and faces a potential 15-year prison sentence.
11 de julio de 2026
Condena histórica: miembro de la banda Ryuk ransomware admite su culpa
Un ciudadano armenio se declara culpable en EE. UU. por el despliegue de ransomware Ryuk, enfrentando una posible sentencia de 15 años de prisión.
10 de julio de 2026
Hackers exploten Microsoft Entra: Nova vulnerabilitat en passkeys
Un grup d'actors maliciosos utilitza enginyeria social per comprometre comptes de Microsoft 365 mitjançant falsos registres de passkeys a Entra.
Loading comments...