Key facts
- Oracle issued a warning about a critical vulnerability in its PeopleSoft software.
- The ShinyHunters hacking group is exploiting this unpatched zero-day flaw.
- Over 100 organizations, many in higher education, have been targeted.
- The vulnerability can be exploited over the internet without authentication.
- ShinyHunters has published data stolen from compromised systems.
Oracle has alerted its corporate customers to a critical vulnerability within its PeopleSoft software, a system widely used for human resources and payroll management. The warning came after the cybercrime group ShinyHunters claimed responsibility for breaching more than 100 organizations by exploiting this flaw.
Mandiant, a cybersecurity firm owned by Google, confirmed that the vulnerability being abused by ShinyHunters is the same critical bug affecting PeopleSoft customers. The flaw is classified as a zero-day, meaning it was exploited before Oracle could release a fix. Oracle's advisory stated that the vulnerability can be exploited remotely without any form of authentication.