CVE-2026-35273: ShinyHunters Spent 14 Days Inside University Networks Using an Oracle PeopleSoft Zero-Day — Before Oracle Said a Word
ShinyHunters (UNC6240) exploited a CVSS 9.8 zero-day in Oracle PeopleSoft for 14 days before Oracle published a single word of warning. CVE-2026-35273 requires no credentials and no user interaction — just a crafted HTTP request to the Environment Management Hub. ~300 PeopleSoft installations compromised across 100+ organizations. 68% universities. University of Nottingham confirmed: ~500,000 student records stolen. Mandiant confirmed the gadget chain. Patch now and check your PSEMHUB logs back to May 27.