Overview
- Oracle Corporation
- PeopleSoft Enterprise PeopleTools
Description
Statistics
- 22 Posts
- 82 Interactions
Fediverse
Google/Mandiant is urging organizations running Oracle PeopleSoft to take a number of actions to harden their systems following an active Oracle PeopleSoft compromise and extortion campaign from ShinyHunters, which apparently exploited a zero-day flaw.
"Mandiant and Google Threat Intelligence Group (GTIG) have identified an active compromise and extortion campaign attributed to UNC6240 (ShinyHunters) targeting Oracle PeopleSoft application infrastructure. The activity was observed between May 27, 2026, and June 9, 2026 and is consistent with the exploitation of CVE-2026-35273, a critical remote code execution vulnerability (CVSS 9.8) in the Environment Management component. The exploitation of this vulnerability directly aligns with the observed targeting of Environment Management Hub (PSEMHUB) endpoints. Because this activity predates Oracle's June 10, 2026 advisory, the vulnerability was exploited as a zero-day."
ShinyHunters hits American universities with an Oracle PeopleSoft zero-day: the UNC6240 operation analyzed by Mandiant
Mandiant and GTIG have documented an active compromise and extortion campaign conducted by ShinyHunters (UNC6240) against Oracle PeopleSoft, exploiting CVE-2026-35273 as a zero-day before the release of the Oracle patch. 68% of the victims are U.S. universities.
⚠️ ShinyHunters claims it hacked 100 orgs by exploiting an Oracle PeopleSoft 0-day
「 A spokesperson for the cybercrime crew on Thursday told The Register that they exploited CVE-2026-35273 to break into the university’s PeopleSoft system and steal 40 GB of personal data and billing records belonging to hundreds of thousands of current and former students 」
📰 Oracle Rushes Emergency Patch for PeopleSoft Zero-Day Exploited by ShinyHunters
🚨 URGENT: Oracle issues an emergency patch for a critical PeopleSoft zero-day (CVE-2026-35273) actively exploited by the ShinyHunters group. The RCE flaw is being used in data theft attacks, mainly targeting universities. #ZeroDay #Oracle #PeopleSof...
🌐 cyber[.]netsecops[.]io
Oracle PeopleSoft Zero-Day Sparks Alarm as ShinyHunters Allegedly Linked to Active Exploitation Campaign + Video
Oracle has issued a warning regarding a newly disclosed critical security vulnerability tracked as CVE-2026-35273, a flaw affecting PeopleSoft PeopleTools versions 8.61 and 8.62. The vulnerability reportedly allows unauthenticated remote code execution, creating a serious risk for organizations that rely on PeopleSoft environments to manage sensitive…
Oracle PeopleSoft Zero-Day CVE-2026-35273 Exposes Enterprise Giants to Remote Code Execution as ShinyHunters Intensify Attacks + Video
Introduction: A Quiet Enterprise Backbone Suddenly Under Fire Oracle’s enterprise ecosystem rarely makes mainstream headlines unless something breaks at scale, yet this time the silence has been shattered. A newly disclosed vulnerability in Oracle’s PeopleSoft platform has escalated into a high-risk security concern after…
Threat actors are exploiting a critical Oracle PeopleSoft vulnerability (CVE-2026-35273) to infiltrate enterprise environments, steal sensitive data, and extort victims.
Oracle PeopleSoft is software used by large organizations to manage business operations, including HR, payroll, finance, supply chain, and campus administration. Universities have been the main targets of the campaign.
CVE-2026-35273 (CVSS 9.8) enables unauthenticated RCE in Oracle PeopleSoft Environment Management, affecting versions 8.61/8.62. ShinyHunters exploited this to extract 40GB from universities—student records, payroll, financial aid...
⚠️ CRITICAL: Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks
Oracle released an emergency advisory for CVE-2026-35273, a critical unauthenticated RCE in PeopleSoft PeopleTools 8.61 and 8.62. ShinyHunters has reportedly exploited this vulnerability across 300+ instances at 100+ organizations. Oracle released mitigations only, not a full patch, and active expl…
The ShinyHunters threat group has exploited a critical zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft to target over 100 organizations, primarily in the higher education sector. Mandiant reports that attackers used this remote-code execution flaw to compromise systems and steal sensitive data for potential phishing and extortion.
https://www.cybersecuritydive.com/news/shinyhunters-exploitation-critical-flaw-oracle-peoplesoft/822796/
Bluesky
Overview
Description
Statistics
- 7 Posts
- 8 Interactions
Fediverse
Ivanti Under Siege: Critical CVE-2026-10520 Exploited Within Hours as Attackers Race Ahead of Defenders + Video
A Dangerous Reality Emerges for Ivanti Customers The cybersecurity world witnessed yet another alarming reminder of how quickly threat actors can weaponize newly disclosed vulnerabilities. Less than 24 hours after Ivanti publicly revealed a critical security flaw affecting its Sentry platform, attackers were already exploiting the weakness in real-world…
Ivanti Sentry Zero-Day Panic: CISA Forces Emergency 3-Day Patch as Active Exploitation Spreads Across Federal Networks + Video
Introduction: A Critical Cyber Moment for U.S. Infrastructure Security A newly discovered maximum-severity vulnerability in Ivanti’s Sentry security gateway has triggered a fast-moving emergency response across U.S. federal cybersecurity systems. The issue, tracked as CVE-2026-10520, is not just another software bug. It represents an actively…
⚠️ CRITICAL: Ivanti Sentry OS command injection (CVE-2026-10520) enables remote root execution via exposed mgmt port 8443. Only honeypot hits so far — patch versions 10.5.2, 10.6.2, 10.7.1+ ASAP & restrict access! https://radar.offseq.com/threat/ivanti-sentry-exploitation-attempts-hitting-honeyp-ce849175 #OffSeq #Ivanti #Vuln #Infosec
⚠️ CRITICAL: Max severity Ivanti Sentry vulnerability now exploited in attacks
Attackers are actively exploiting CVE-2026-10520, a maximum-severity OS command injection flaw in Ivanti Sentry security gateways. This vulnerability allows unauthenticated remote code execution with root privileges on internet-exposed instances. Many appliances were backdoored immediately after Iv…
Overview
Description
Statistics
- 5 Posts
Bluesky
Overview
Description
Statistics
- 2 Posts
- 7 Interactions
Fediverse
Description
Statistics
- 3 Posts
- 2 Interactions
Fediverse
Two arguments for NOT using Google Chrome
The first argument has long been known: #Chrome is a paragon of insecurity. Not only does Chrome contain an unusually large number of security vulnerabilities, it also contains unusually dangerous ones. We are in the sixth month of the year, and Google has already had to patch the fifth already-exploited #Zero-Day vulnerability this year! CVE-2026-11645 is in the JavaScript engine V8, which has repeatedly drawn attention for security vulnerabilities. As usual, Google is not releasing much information about the nature of the flaw, so that writing exploits does not become too easy. But "out-of-bounds memory access", i.e. access to
https://www.pc-fluesterer.info/wordpress/2026/06/12/zwei-argumente-google-chrome-nicht-zu-verwenden/
#0day #browser #cybercrime #google #sicherheit #UnplugGoogle #werbung #wissen
CISA has added CVE-2026-11645 (Chromium V8 Out-of-Bounds flaw) to its KEV catalog. The Cyber Mind Co™ has deployed a strategic corporate risk brief and 12-point endpoint hardening runbook to secure your perimeter. Review the threat vector architecture now: https://thecybermind.co/ycvy
Overview
Description
Statistics
- 2 Posts
- 4 Interactions
Fediverse
Russia-aligned groups are still exploiting a patched WinRAR flaw (CVE-2025-8088) to target Ukrainian organisations with stealer malware and espionage toolchains. 🔐
The attacks use crafted archives and persistence tricks, showing how delayed patching keeps known entry points open. 🧩
🔗 https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html
#TechNews #Cybersecurity #WinRAR #RAR #ZIP #Ukraine #Russia #Ukrainian #Russianinvasion #CVE2025 #CVE #Malware #Infostealer #Espionage #Hacking #ThreatIntel #Security #Infosec #APT #Patch
📰 Russian APTs Persistently Exploit Year-Old WinRAR Flaw in Attacks on Ukraine
Russian APTs, including Gamaredon, are still exploiting a year-old WinRAR flaw (CVE-2025-8088) to attack Ukrainian government & military targets. The attacks deliver infostealers and espionage tools. 🇷🇺🇺🇦 #APT #Gamaredon #Ukraine #CyberWarfare
🌐 cyber[.]netsecops[.]io
Overview
- checkpoint
- Identity Agent
Description
Statistics
- 2 Posts
Fediverse
Our CTI team identified a lot of activities targeting Check Point Identity Agent (CVE-2026-10847) https://vuldb.com/vuln/370390/cti
CVE-2026-10847 - Privilege Escalation in Check Point Identity Agent. Local authenticated user can execute code with SYSTEM privileges. CVSS 7.8. No patch available. Restrict access immediately. #CVE #CheckPoint #infosec
Overview
- MacWarrior
- clipbucket-v5
Description
Statistics
- 2 Posts
Fediverse
CVE-2026-45060 - Critical unauthenticated blind SQLi in ClipBucket v5. CVSS 9.8. Attackers can exfiltrate sensitive data via the ids parameter. Update to 5.5.3 - #129 immediately. #CVE #infosec #ClipBucket
⚠️ CRITICAL: CVE-2026-45060 impacts ClipBucket v5 (<5.5.3) — unauthenticated blind SQL injection in progress_video.php lets attackers run arbitrary queries. Upgrade to 5.5.3+ to protect sensitive data! https://radar.offseq.com/threat/cve-2026-45060-cwe-89-improper-neutralization-of-s-b8ad08b0 #OffSeq #SQLInjection #Vuln #ClipBucket
Overview
Description
Statistics
- 2 Posts
Fediverse
Thai Duong, who co-discovered the BEAST and CRIME attacks against TLS, just reported CVE-2026-45447 in OpenSSL. A PKCS#7 or S/MIME signed message whose digestAlgorithms field is an empty ASN.1 SET makes PKCS7_verify() free a BIO the caller still owns. The result ranges from a crash to heap corruption to remote code execution. Fixes land in 4.0.1, 3.6.3, 3.5.7, 3.4.6, and 3.0.21. If you verify untrusted signed mail, what's blocking your upgrade?
Overview
Description
Statistics
- 2 Posts
Fediverse
ITScape CVE-2026-46316 Guest-to-Host Breakout Threat and RoguePlanet Windows SYSTEM Escalation Chain Reshape Cloud and Endpoint Security Landscape + Video
Introduction: A Rising Wave of Virtualization and Windows Privilege Abuse The latest cybersecurity intelligence circulating across threat feeds highlights two separate but deeply concerning developments. On one side, a virtualization escape vulnerability identified as CVE-2026-46316 is shaking confidence in…