AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Oracle PeopleSoft zero‑day fuels ShinyHunters extortion spree

infonews

security

Source: CSO OnlineJune 12, 2026

Summary

Attackers exploited a critical zero-day vulnerability (CVE-2026-35273, an unpatched security flaw) in Oracle PeopleSoft's Environment Management component to break into over 100 organizations, primarily universities, and steal sensitive data including billing records and student finance information. The ShinyHunters group used the RCE (remote code execution, the ability to run commands on systems they don't own) flaw to gain initial access, then deployed a disguised remote monitoring tool to maintain control and extract data. Oracle issued a security advisory on June 10, 2026, urging customers to patch immediately.

Solution / Mitigation

Oracle advised upgrading PeopleSoft Enterprise PeopleTools to supported versions (the vulnerability affects versions 8.61 and 8.62, and mitigations are only available for supported versions). Organizations using earlier versions were specifically advised to upgrade to supported versions.

Classification

Attack SophisticationModerate

Monthly digest — independent AI security research

Original source: https://www.csoonline.com/article/4184408/oracle-peoplesoft-zero%e2%80%91day-fuels-shinyhunters-extortion-spree.html

First tracked: June 12, 2026 at 08:00 AM

Classified by LLM (prompt v3) · confidence: 95%