A major cybersecurity crisis is unfolding as Oracle has issued an emergency warning about a critical zero-day vulnerability in its PeopleSoft enterprise software a flaw that the notorious hacking group ShinyHunters has already weaponized to breach more than 100 organizations worldwide. The attack, confirmed by Google’s Mandiant security unit, represents one of the most significant enterprise software breaches of 2026.

What Is the Oracle PeopleSoft Zero-Day?

Oracle’s PeopleSoft is widely used by large corporations, universities, and government agencies to manage payroll, human resources, and financial operations. The vulnerability, tracked as CVE-2026-35273, allows attackers to exploit PeopleSoft servers over the internet without any authentication meaning no password or credentials are required to gain access. Oracle published a security advisory on Thursday, June 11, 2026, but has not yet released a patch at the time of writing.

The company is urging all PeopleSoft customers to apply available mitigations immediately while a full patch is being developed.

ShinyHunters: The Gang Behind the Attack

ShinyHunters is a well-known cybercrime group with a history of large-scale data theft operations. In this campaign, the group identified the zero-day vulnerability and systematically targeted organizations running vulnerable PeopleSoft servers. A ShinyHunters member told TechCrunch that the gang compromised companies by exploiting the unpatched flaw a classic zero-day attack where the vendor has no time to fix the bug before it is discovered and exploited in the wild.

The group’s modus operandi is to steal sensitive corporate or customer data and then threaten to release it publicly unless victims pay a ransom. In previous campaigns, ShinyHunters targeted companies using Salesforce, Gainsight, and education technology giant Instructure the latter of which paid the hackers after being breached twice.

Education Sector Hit Hardest

According to Mandiant, approximately two-thirds of the 100+ affected organizations are in higher education universities and colleges across the United States. The hackers claimed to have stolen “hundreds of thousands of student records” containing full names, home addresses, phone numbers, emails, dates of birth, gender, ethnicity, enrollment status, GPA, major, and student IDs.

Google’s Mandiant unit has notified more than 100 global organizations of their potential exposure and is working to help them restrict access to vulnerable systems. The cybersecurity firm confirmed that while some organizations successfully blocked the attack or remediated the vulnerability, others experienced full compromise, with stolen data already published on ShinyHunters’ data leak website.

Novo Nordisk Also Hit

In a related development, pharmaceutical giant Novo Nordisk flagged a separate cyberattack on June 11, 2026, reporting that patient data from some clinical trials was breached. While not directly linked to the Oracle zero-day, the incident underscores the escalating threat landscape facing enterprises across all sectors.

What Organizations Should Do Now

Apply Oracle’s recommended mitigations for PeopleSoft immediately
Review server logs for the indicator of compromise IP: 51.159.98.241
Isolate vulnerable PeopleSoft instances from public internet access
Monitor for unauthorized data access or exfiltration
Contact Mandiant or your incident response team if compromise is suspected

Industry Impact

This breach highlights a growing trend of supply-chain and enterprise software attacks, where a single vulnerability in widely-used software can cascade into hundreds of simultaneous breaches. The Oracle PeopleSoft zero-day is a stark reminder that even the most established enterprise software vendors are not immune to critical security flaws.

For quality tech news, professional analysis, insights, and the latest updates on technology, follow TechTrib.com. Stay connected and join our fast-growing community.

TechTrib.com is a leading technology news platform providing comprehensive coverage and analysis of tech news, cybersecurity, artificial intelligence, and emerging technology. Visit techtrib.com.

Contact Information: Email: news@techtrib.com or for adverts placement adverts@techtrib.com