Severity: CRITICAL

The ShinyHunters extortion group exploited an unpatched zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft to breach enterprise systems, primarily targeting universities. The group stole sensitive data and then demanded payment to prevent its public release. This campaign, tracked by Mandiant as UNC6240, occurred before Oracle released an advisory, highlighting the risk of unpatched critical software in higher education.

Source: The Hacker News