PeopleSoft 0-day vulnerability exploited by ransomware group

Original: PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data

Why This Matters

A critical enterprise software vulnerability highlights widespread exposure risks in the education sector.

The ShinyHunters ransomware group exploited a critical Oracle PeopleSoft vulnerability, CVE-2026-35273 (severity 9.8/10), for over two weeks, targeting 300 endpoints across 100 organizations and stealing gigabytes of data, including from the University of Nottingham.

The ShinyHunters ransomware group exploited a critical server-side request forgery (SSRF) vulnerability in Oracle's PeopleSoft software suite, tracked as CVE-2026-35273 with a severity rating of 9.8 out of 10. Google's Mandiant security team confirmed the group had been exploiting the zero-day since May 27, targeting approximately 300 endpoints belonging to 100 organizations. About 68% of targeted organizations were in the higher education sector. The University of Nottingham confirmed it was compromised, with ShinyHunters publishing gigabytes of stolen student data on their data leak site. Oracle has issued a stopgap mitigation but no full patch yet. The attackers used reconnaissance tools to map PeopleSoft configurations and established SSH connections to their data leak site at IP 176.120.22.24.

Source

arstechnica.com