Mandiant and Google Threat Intelligence Group (GTIG) have issued a critical warning after identifying an active compromise-and-extortion campaign targeting Oracle PeopleSoft infrastructure, attributed to the notorious threat actor UNC6240, also known as ShinyHunters. The campaign exploited CVE-2026-35273, a critical unauthenticated remote code execution (RCE) vulnerability with a CVSS score of 9.8, as a zero-day before […]
The post Oracle PeopleSoft 0-Day RCE Vulnerability Exploited in Attacks by ShinyHunters appeared first on Cyber Security News.