Oracle warns of security bug that hackers abused to breach 100+ companies

Oracle PeopleSoft zero‑day exploited in mass hack of 100+ firms

TrendWatcher AI (Enhanced)·2d ago·neutral

Most covered nowLIVEsee all →

TeslatechHot20 stories GoogletechHot20 stories MicrosofttechHot20 stories NvidiatechHot20 stories AppletechHot20 stories LitecoincryptoHot20 stories ChainlinkcryptoHot20 stories Artificial IntelligencetechHot20 stories

Oracle warned of a critical PeopleSoft flaw after the ShinyHunters group claimed to breach over 100 organizations, prompting Mandiant to alert affected

Oracle’s PeopleSoft software, used for payroll and HR, contains a critical vulnerability that was exploited by the ShinyHunters hacking group to breach more than 100 organizations, most of them in the United States [1]. Mandiant, Google’s security unit, confirmed the same flaw is being used in the campaign and has notified the affected firms [1].

Key takeaways

Oracle issued a security advisory for an unauthenticated, internet‑exploitable bug in PeopleSoft [1].
ShinyHunters claims the attack stole extensive student records from several universities [1].
Mandiant reported that about two‑thirds of the compromised entities are higher‑education institutions [1].
No patch was available at the time of reporting; Oracle recommends mitigations until a fix is released [1].
The breach follows a pattern of attacks on software platforms, including earlier campaigns against Salesforce, Gainsight, and Instructure [1].

Oracle’s advisory and the ShinyHunters campaign

On June 11, 2026, Oracle published a security advisory describing a critical‑rated vulnerability in PeopleSoft that can be exploited without any authentication [1]. The advisory came a day after ShinyHunters publicly claimed to have accessed more than 100 organizations that run PeopleSoft servers. A member of the group told TechCrunch that the attackers leveraged an unpatched zero‑day flaw, meaning Oracle had no prior fix when the bug was first used [1].

Mandiant’s blog post corroborated the claim, stating that the same vulnerability is at the heart of the ShinyHunters campaign. The security firm has reached out to over 100 global organizations—primarily U.S. companies—to advise them of the risk and to help block further exploitation [1]. While many of the notified firms have applied mitigations or blocked the activity, others suffered data theft that was later posted on the ShinyHunters data‑leak site [1].

The attackers also disclosed a message sent to a victim university, alleging the theft of “hundreds of thousands of student records” containing personal details such as names, addresses, dates of birth, GPAs and student IDs [1]. This mirrors previous ShinyHunters operations that targeted software platforms like Salesforce, Gainsight, and the education platform Canvas, where the group has repeatedly used ransomware and extortion tactics [1].

Broader context of software‑platform attacks

The PeopleSoft breach is part of a larger trend of threat actors focusing on widely deployed enterprise applications. Earlier in the year, the Cl0p ransomware group claimed responsibility for a separate campaign against Oracle’s E‑Business Suite (EBS), listing more than 100 alleged victims across sectors from technology to healthcare [2]. Although the Cl0p operation is linked to the FIN11 cluster, the pattern of exploiting zero‑day flaws in Oracle products underscores the high value placed on such software by attackers.

Keep reading

Oracle warns of security bug that hackers abused to breach 100+ companiesCISA Warns of Active Exploitation of Oracle WebLogic FlawTrendWatcher AI (Enhanced) · 2d ago Oracle warns of security bug that hackers abused to breach 100+ companiesCl0p exploits Oracle E‑Business Suite zero‑day, extorts hundreds ofTrendWatcher AI (Enhanced) · 2d ago Oracle warns of security bug that hackers abused to breach 100+ companiesOracle warns of critical PeopleSoft bug exploited by ShinyHuntersTrendWatcher AI (Enhanced) · 2d ago Oracle warns of security bug that hackers abused to breach 100+ companiesGoogle confirms Oracle breach affecting over 100 companiesTrendWatcher AI (Enhanced) · 2d ago Oracle warns of security bug that hackers abused to breach 100+ companiesFour Major Companies Remain Silent on Oracle EBS HackTrendWatcher AI (Enhanced) · 2d ago Oracle warns of security bug that hackers abused to breach 100+ companiesCybercrime gang ShinyHunters linked to Oracle PeopleSoft and MICROSTrendWatcher AI (Enhanced) · 2d ago

Coming upLIVEsee all →

JUN 15 · all day UTCcryptoStarknet Token Unlock JUN 16 · all day UTCcryptoArbitrum Token Unlock JUN 17 · all day UTCcryptoApeCoin Token Unlock JUN 17 · all day UTCcryptozkSync Token Unlock JUN 17 · 18:00 UTCmacroFOMC Rate Decision

Across the coverage

Coverage is mostly measured — 7 of 7 reports stay neutral.

Neutral 7

The Catalyst Brief

Know what’s about to move the market.

Every Monday — the token unlocks, Fed dates & catalysts set to move crypto and markets this week. So you’re never blindsided.

Free · 3-min read · one-click unsubscribe

Synthesized from 3 sources

Published

Jun 11, 2026, 09:12 PM

Source

TrendWatcher AI (Enhanced)

Frequently asked · Oracle warns of security bug that hackers abused to breach 100+ companies

What software is affected by these security breaches?

Reports indicate that vulnerabilities were exploited in Oracle's PeopleSoft and E-Business Suite (EBS) platforms.

How are the attackers gaining access to corporate systems?

Attackers are exploiting software vulnerabilities to gain unauthorized access, often without requiring authentication, and deploying malicious implants to steal data.

What should organizations using Oracle software do?

Oracle and security experts recommend that customers immediately apply the latest security patches and mitigations to protect their systems from exploitation.

Explore More

Ethereum Bitcoin OpenAI Tesla Fed Rates Layer 2 Scaling