ShinyHunters claims it exploited a critical Oracle PeopleSoft zero-day to [1]compromise more than 100 organizations, including the University of Nottingham , where it says it stole 40GB of student and billing data. "ShinyHunters posted the UK university on its data leak site on Tuesday before publishing the stolen files later that same day, presumably because the school refused to pay the extortion demand," reports The Register. From the report:

> "University of Nottingham on our leak site is one of the first publicly confirmed incidents," a ShinyHunters spokesperson told us. "We have only just started outreach to affected orgs and are actively looking to reach an agreement with affected orgs." They didn't say when they planned to post the other 100 or so claimed victims.

>

> A Google threat intelligence [2]report published Thursday afternoon corroborated ShinyHunters' claims to have compromised more than 100 organizations. Google said it spotted malicious activity, "consistent with the exploitation of [3]CVE-2026-35273 ," between May 27 and June 9, and notified more than 100 global orgs "whose IP addresses correlated with potentially vulnerable endpoints." Most of these, we're told, are based in the US and 68 percent are in the higher-education sector.

Oracle has [4]released a "patch availability document," but it's unclear whether a patch is currently available.



[1] https://www.theregister.com/cyber-crime/2026/06/11/shinyhunters-claims-oracle-peoplesoft-0-day-hit-100-orgs/5254443

[2] https://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit

[3] https://nvd.nist.gov/vuln/detail/CVE-2026-35273

[4] https://www.oracle.com/security-alerts/alert-cve-2026-35273.html