Live Roundups Editor's Desk Insights Executive Ops Weather About 🔍
Home Education ShinyHunters claims it hacked 100 orgs by exploiting an...
Education

ShinyHunters claims it hacked 100 orgs by exploiting an Oracle PeopleSoft 0-day

ShinyHunters claims it hacked 100 orgs by exploiting an Oracle PeopleSoft 0-day
The Register Thursday 11 June 2026, 19:01 UTC 2 min read
Key Points

Data theft and extortion group ShinyHunters claims to have exploited a critical Oracle PeopleSoft bug as a zero-day to compromise more than 100 organizations, including the University of Nottingham, across 300 vulnerable instances. A spokesperson for the cybercrime crew on Thursday told The Register that they exploited CVE-2026-35273 to break into the university’s PeopleSoft system and steal 40 GB of personal data and billing records belonging to hundreds of thousands of current and former...

Data theft and extortion group ShinyHunters claims to have exploited a critical Oracle PeopleSoft bug as a zero-day to compromise more than 100 organizations, including the University of Nottingham, across 300 vulnerable instances. A spokesperson for the cybercrime crew on Thursday told The Register that they exploited CVE-2026-35273 to break into the university’s PeopleSoft system and steal 40 GB of personal data and billing records belonging to hundreds of thousands of current and former students. ShinyHunters posted the UK university on its data leak site on Tuesday before publishing the stolen files later that same day, presumably because the school refused to pay the extortion demand. “University of Nottingham on our leak site is one of the first publicly confirmed incidents,” a ShinyHunters spokesperson told us. “We have only just started outreach to affected orgs and are actively looking to reach an agreement with affected orgs.” They didn’t say when they planned to post the other 100 or so claimed victims. PeopleSoft is a widely used enterprise software suite that large corporations and institutions use to manage their human resources, payroll and billing applications, supply chains, and student records. CVE-2026-35273 is a 9.8 CVSS-rated vulnerability that allows remote, unauthenticated attackers with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools and fully take over the platform. On Wednesday, a day after ShinyHunters leaked the school’s data, the University of Nottingham confirmed the breach and Oracle issued an out-of-band security alert. It’s unclear, however, if the software provider has issued a patch to fix the security flaw. The Register reached out to Oracle, and did not receive any response to our questions. Google-owned Mandiant Chief Technology Officer Charles Carmakal, in a brief LinkedIn post on Thursday, warned that PeopleSoft was one of two zero-day vulnerabilities “actively being exploited in the wild.” “Oracle released mitigations,” Carmakal wrote. “Patches should come soon.” The other zero-day, for the record, is this Cisco Catalyst SD-WAN Manager vulnerability.®
Oracle (ORG) ShinyHunters (ORG) Oracle PeopleSoft (ORG) the University of Nottingham (ORG) Register (ORG) CVE-2026 (ORG) PeopleSoft (ORG) GB (LOCATION) UK (LOCATION) University of Nottingham (ORG) PeopleSoft Enterprise PeopleTools (ORG) Mandiant (ORG) Charles Carmakal (PERSON) Carmakal (PERSON) Cisco Catalyst SD-WAN (ORG)
Originally published by The Register Read original →

Related Stories

'I've always been the best player. ... That'll cha...

ROCK HILL, S.C. -- Beckham Black trots down the shiny hardwood floor at the Rock Hill Sports & Event Center, dipping past defenders and dodging traps before darting down the lane and finishing with a picturesque layup. Then he did it again and, through different variations of juke moves, again, firmly entrenching himself as one of the top players at the NBPA Top 100 Camp. The dominance was a carryover from the Nike EYBL season and a high school campaign that saw him average 21 points, 10...

ESPN 1h ago

High social media use linked to 'small' increase in depressive symptoms in teens

High social media use linked to 'small' increase in depressive symptoms in teens Fri 12 Jun 2026 at 5:15am In short: A study by the Murdoch Children's Research Institute has found young people who spent at least two hours a day on social media were more likely to have mental health side effects. About 1,200 Melbourne school students were asked to self-report their social media usage and mental health for almost a decade. The findings showed a "small increased risk" in depressive symptoms and...

ABC Australia 1h ago

Three children among four killed in horror car crash on school trip

Three children among four killed in horror car crash on school trip Three children were among four killed during a school trip after a car collided with a group of cyclists in the rural southern Netherlands, with a 19-year-old man arrested Three children and one adult have been killed in a horror collision between a car and a group of cyclists in a rural area of the Netherlands. The group were on a school trip when they were struck by the vehicle near the village of Vogelwaarde, close to the...

Daily Mirror 1h ago

Former AP reporter Marlene Louise Johnson, who sued wire for discrimination, dies at age 89

Former AP reporter Marlene Louise Johnson, who sued wire for discrimination, dies at age 89 Former Associated Press reporter Marlene Louise Johnson, whose lawsuit against the wire service for race and gender discrimination led to affirmative action plans to spur hiring of female, Black and Hispanic journalists, has died at 89 - Bookmark Former Associated Press reporter Marlene Louise Johnson, whose lawsuit against the wire service for race and gender discrimination led to affirmative action...

The Independent World 1h ago