ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed

A major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data.

June 12, 2026

ShinyHunters used a zero-day vulnerability in Oracle's PeopleSoft software suite to steal data from potentially more than 100 organizations.

PeopleSoft is an enterprise resource planning (ERP) application suite used for things like payroll, supply chain management, human resources (HR), and student administration. It's primarily oriented to large businesses and organizations, such as government entities and higher education institutions.

From May 27 to June 9, 2026, the ShinyHunters extortion gang exploited a zero-day vulnerability in PeopleTools, PeopleSoft's underlying integrated development environment (IDE) and runtime platform, according to new research from Mandiant and the Google Threat Intelligence Group (GTIG). More specifically, the vulnerability is located in the Environment Management Hub (EMHub), a backend service that tracks and manages agents across PeopleSoft environments. The issue allowed for remote code execution (RCE) without any authentication required. It has since been assigned a label, CVE-2026-35273, and a critical 9.8 CVSS score.