A critical vulnerability (CVE-2026-35273) in Oracle’s PeopleSoft software has been exploited by the ransomware group ShinyHunters, which has targeted about 100 organizations, predominantly in the higher education sector. The vulnerability, which has a severity rating of 9.8 out of 10, is linked to server-side request forgery (SSRF), which allows unauthorized requests to be sent from affected servers.
Reports indicate that the group has been active since May 27, with one victim, the University of Nottingham, confirming a data breach involving significant student data exposure. Although Oracle has provided a temporary mitigation, a full patch is still pending. Mandiant and Rapid7 are advising organizations to take immediate precautions, as the attackers have reportedly stolen gigabytes of data, which points to ongoing targeting of PeopleSoft systems.