Key facts
- A zero-day vulnerability in PeopleSoft is being exploited.
- Threat actors are stealing data from affected organizations.
- The ShinyHunters group claims to have breached over 100 organizations.
- One victim reportedly lost 48GB of data.
- Stolen data has been published on the ShinyHunters data leak site.
- Oracle has alerted customers to the critical vulnerability.
- Educational institutions are among the victims.
- The vulnerability is described as critical and unpatched.
A critical zero-day vulnerability in Oracle's PeopleSoft software is being actively exploited by threat actors, leading to data theft from hundreds of organizations. The ShinyHunters group has claimed responsibility for breaching over 100 organizations, including educational institutions, by exploiting this unpatched flaw. One reported victim has lost 48GB of data, which has subsequently been published on the ShinyHunters data leak site. Oracle has issued alerts to its customers regarding the critical nature of this vulnerability and the ongoing exploitation. The exploit targets a flaw that was previously unknown, hence the term 'zero-day'. The full extent of the breach is still being assessed, but the number of affected organizations is significant, impacting various sectors including education.