Researchers from Mandiant and Google Threat Intelligence Group are warning the higher education sector, including universities, that ShinyHunters has exploited an Oracle PeopleSoft zero-day vulnerability and has “potentially infiltrated the networks of more than 100 organizations in an attack spree that largely impacted higher education.” ShinyHunters has reportedly started publishing the names of the compromised victims and stolen data.

The vulnerability (CVE-2026-35273) “allows unauthorized attackers to execute remote code and takeover affected servers.” Oracle has published mitigation steps, but a patch has not yet been released. According to Mandiant, “This campaign is still active.” Google adds that “most of the potential victim pool is based in the United States and 68% are in the higher education sector.” If you are in the higher education sector, implement Oracle’s mitigation steps  as soon as possible, and look out for a released patch.