Oracle Warns of Critical PeopleSoft Flaw Exploited in Mass Hacking Campaign

News Desk

15 June 2026, 15:49

Oracle has warned customers about a critical vulnerability in its PeopleSoft software after the cybercrime group ShinyHunters claimed to have exploited the flaw to breach more than 100 organizations.

Large companies and educational institutions widely use PeopleSoft to manage payroll and human resources.

According to Oracle, the vulnerability can be exploited remotely over the internet without requiring authentication, making it particularly dangerous. The company has not yet released a security patch and has instead urged customers to apply mitigation measures immediately.

The flaw is considered a zero-day vulnerability because hackers discovered and exploited it before Oracle had an opportunity to fix it.

More Than 100 Organizations Targeted

Mandiant, Google's cybersecurity unit, said the vulnerability ShinyHunters is exploiting is the same bug highlighted in Oracle's advisory.

Mandiant said it has notified more than 100 organizations worldwide that may have been exposed to the attacks. Most of the affected organizations are located in the United States, and roughly two-thirds are from the higher education sector.

The security firm said some organizations successfully blocked the attacks or fixed the issue in time. Others, however, suffered breaches and had their data published on the hackers' leak site.

Student Data Allegedly Stolen

A member of ShinyHunters told TechCrunch that several universities and colleges were among the victims.

The hacker reportedly shared a message sent to one of the affected schools claiming that the group had stolen hundreds of thousands of student records. The data allegedly included names, home addresses, phone numbers, email addresses, dates of birth, gender, ethnicity, enrollment status, GPA, majors and student identification numbers.

The claims have not been independently verified.

Part of a Larger Campaign

The PeopleSoft attacks are the latest in a series of campaigns by ShinyHunters targeting organizations that rely on the same software platforms.

Over the past year, the group has targeted companies using software from Salesforce, Gainsight and education technology provider Instructure.

The hackers typically identify vulnerabilities in widely used software, steal customer or corporate data and then demand ransom payments to prevent the information from being leaked.

Earlier this year, Instructure confirmed that it paid the hackers after suffering two separate breaches. During that campaign, ShinyHunters also defaced login pages for several schools using the company's Canvas learning platform.

No Patch Yet

Oracle has not announced when a security patch will become available.

Until then, cybersecurity experts are urging organizations using PeopleSoft to implement Oracle's recommended mitigations immediately and monitor their systems for signs of compromise.