Last mentioned: 13h ago
Google Confirms Exploitation
Google Threat Intelligence Group publicly confirms zero‑day exploitation by ShinyHunters and notifies over 100 affected organizations.
Google/Mandiant publish findings
Google’s threat intelligence blog details the campaign, attribution, and sector impact.
Oracle Releases Out‑of‑Band Advisory
Oracle publishes mitigations for CVE-2026-35273 and warns customers to apply them immediately, but no full patch is provided.
Oracle issues security advisory
Oracle publishes a patch and advisory for the PeopleSoft vulnerability, closing the zero-day window.
Campaign window closes
Last observed exploitation activity before Oracle issues its advisory.
Campaign begins
ShinyHunters starts active scanning and exploitation of the Oracle PeopleSoft zero-day.
Zero‑Day Exploitation Begins
According to Google and Mandiant, ShinyHunters starts actively exploiting CVE-2026-35273 to compromise PeopleSoft instances.
Attack Campaign Window
ShinyHunters targets ~300 instances across 100+ organizations, focusing on education sector. Deploys MeshCentral agents and lateral movement scripts.
Google and Mandiant confirm active exploitation of CVE-2026-35273, a critical unauthenticated RCE flaw in Oracle PeopleSoft. The ShinyHunters group compromised roughly 300 instances, with the higher education sector bearing 68% of the impact. Oracle has only released mitigations, leaving organizations exposed to data theft and extortion.
An active extortion campaign by ShinyHunters exploited a zero-day vulnerability in Oracle PeopleSoft, with Google notifying over 100 organizations—68% in higher education. The attackers used customized MeshCentral agents for C2, actions occurring before Oracle’s June 10 advisory. This highlights the growing threat of zero-day exploitation in widely used enterprise software and the education sector’s vulnerability.