Skip to content

JOBUZO

  • News
  • Indonesia
  • Toggle search form
Oracle warns of security bug that hackers abused to breach 100+ companies

Oracle warns of security bug that hackers abused to breach 100+ companies

Posted on 11 June 2026 By jobuzo

Oracle warned its corporate customers that there is a critical-rated vulnerability in its PeopleSoft software, which is used by large companies to manage payroll and human resources, a day after a cybercrime group took credit for abusing the flaw as part of a mass-hacking campaign.

The company published the security advisory on Thursday after the hacking group ShinyHunters claimed to have breached more than 100 organizations that use PeopleSoft servers.

Mandiant, the Google-owned security unit that investigates cyberattacks, warned in a blog post that the new Oracle flaw is the same bug that the ShinyHunters group is abusing in its hacking campaign targeting PeopleSoft customers. 

Oracle, which has not released a patch for the vulnerability at the time of writing, said in the advisory that the bug can be exploited over the internet without needing any authentication, such as a password. 

The tech giant recommended that customers who use PeopleSoft software apply its mitigations to prevent exploitation.

On Wednesday, a ShinyHunters member told TechCrunch that the gang compromised the companies by abusing an unpatched flaw in PeopleSoft servers. The bug is known as a zero-day because the company affected, in this case Oracle, had no time to fix it before it was discovered and exploited.

News :<div>12 weeks' jail for school IT support technician who took upskirt videos of teachers</div>

Mandiant confirmed that it has also notified more than “100 global organizations,” most of them in the United States, in an effort to restrict access to their potentially vulnerable systems. The cybersecurity group said that about two-thirds of these organizations are in higher education, which aligns with what ShinyHunters previously claimed.

“While several organizations successfully blocked the activity or remediated the vulnerabilities, others experienced compromise, resulting in stolen data being published on the ShinyHunters [Data Leak Website],” Mandiant wrote. 

Oracle did not respond to TechCrunch’s request for comment. 

Contact Us

Do you have more information about this hacking campaign? Or other data breaches? We’d love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

The ShinyHunters member told TechCrunch this week that some of the hacked organizations are universities and colleges.

The hacker shared a message they said was sent to one of the victim schools, in which the hackers claimed to have stolen “hundreds of thousands of student records containing full name, home address, phone, email, date of birth, gender, ethnicity, enrollment status, GPA, major, and student ID across all campuses,” among other data. 

News :Migrant acquitted in first trial over US border military zones

PeopleSoft, and its customers, are the latest victims in a long series of hacking campaigns where the ShinyHunters gang targeted organizations that all share the same vulnerable software. 

In the last year, the group targeted several companies that use Salesforce and Gainsight, as well as software provided by education giant Instructure, and among others. 

Once the hackers identify vulnerable software and companies that use it, they try to steal corporate or customer data and then threaten to release it unless the victims pay a ransom. 

Earlier this year, education tech company Instructure said it paid the hackers after they breached the company’s systems twice. As part of the hacking campaign, ShinyHunters defaced the login pages of several schools that use Instructure’s popular school information portal Canvas.

When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.

Oracle warns of security bug that hackers abused to breach 100+ companies


News

Post navigation

Previous Post: China leads US in everyday AI apps but firms are overvalued, experts say
Next Post: Taylor Swift Is in Full Bloom With Dramatic Slit Dress at Songwriters Hall of Fame Induction

Related Posts

UK and US withdraw military base personnel from Qatar as Trump and Iran exchange threats UK and US withdraw military base personnel from Qatar as Trump and Iran exchange threats News
Rocket Lab eyes big defense opportunities with new acquisition Rocket Lab eyes big defense opportunities with new acquisition News
Paul Wesley Reveals Why He and Nina Dobrev Didn’t Get Along on The Vampire Diaries Paul Wesley Reveals Why He and Nina Dobrev Didn’t Get Along on The Vampire Diaries News

Latest

  • Kylian Mbappé condemns Paraguayan senator over racist remarks after World Cup match
  • Evening storms bring flood risk to DC region Monday
  • How Meghan Markle Became the Most Polarizing Royal of Her Generation
  • ‘You can’t do that’: Trump admits lobbying FIFA boss to review US player’s red card
  • Daily roundup: Li Nanxing brings 6 family recipes to hotel buffet collab — and other top stories today
  • What Travis Kelce’s Ex-Girlfriend Kayla Nicole Was Up to During Taylor Swift Wedding
  • US investors will soon get access to SK Hynix, another memory maker riding the AI boom
  • Vercel CEO Guillermo Rauch on the fight to split off models from agents
  • Alibaba wins reprieve on US lobbying after Pentagon blacklisted companies
  • World Insights: NATO faces deepening fault lines ahead of Ankara summit

Copyright © 2025 JOBUZO. Disclaimers | Privacy Policies

Powered by PressBook Masonry Blogs