The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and dates the activity...

#Sicherheitslücke #Databreach #Update

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

VERWANDTEARTIKEL

Maine breach portal abused to publish fake data breach disclosures

CVE-2026-49973 - Hermes WebUI < 0.51.358 Unauthenticated Password Takeover via /api/settings

CVE-2026-46489 - SolidInvoice: Unrestricted file upload with no MIME validation allows stored XSS via malicious SVG logo

CVE-2026-46622 - SolidInvoice: API tokens stored as plaintext in the database allowing full credential compromise on database breach

CVE-2026-45175 - Idira Endpoint Privilege Manager Agent: Security Control and Cryptographic Validation Bypass in Internal Agent Validation Processes

CVE-2026-53819 - OpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override