> TritonInfoSec News
Home / Jun 14, 2026 / Story
0
#1 SecurityWeek general June 12, 2026 at 06:44 UTC

Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters

By Eduard Kovacs

AI Summary

ShinyHunters is actively exploiting CVE-2026-35273, a zero-day in Oracle PeopleSoft, confirmed by Google's threat intelligence team. The group has been leveraging the unpatched flaw since late May to steal gigabytes of data from hundreds of organizations, with a disproportionate impact on American universities. Oracle has mitigated the vulnerability but has not publicly acknowledged in-the-wild exploitation, leaving defenders with limited vendor guidance.

Read full article → https://www.securityweek.com/google-confirms-explo…

Relevance score: 88.0/100

# More from June 14

  1. 2
    ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw CyberScoop
  2. 3
    400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer The Hacker News
  3. 4
    Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication The Hacker News
  4. 5
    Chinese hackers hijack auth flow, spy on isolated network for a decade BleepingComputer
  5. 6
    FBI takes down massive China-based cybercrime network that caused $1.9B in losses CyberScoop
  6. 7
    Ivanti Sentry Exploitation Attempts Hitting Honeypots SecurityWeek
  7. 8
    U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals The Hacker News
  8. 9
    Over 400 Arch Linux packages compromised to push rootkit, infostealer BleepingComputer
  9. 10
    phpBB forum fixes auth bypass bug lurking for a decade BleepingComputer