A newly disclosed Oracle PeopleSoft zero-day became the weapon of choice in a recent ShinyHunters extortion campaign that primarily targeted universities and other educational institutes.
Attackers exploited the critical remote code execution (RCE) flaw in PeopleSoft’s Environment Management component that Oracle started warning customers about on June 10, 2026. In an advisory, the company urged immediate patching with no indication that the flaw is being actively exploited.
Google Cloud’s threat intelligence team (GTIG) said the attack unfolded between May 27 and June 9, before Oracle publicly acknowledged the issue. Google said it notified more than 100 organizations whose internet facing ...