ShinyHunters exploit hidden Oracle PeopleSoft bug, breach over 100 organizations
A major cyberattack by the group ShinyHunters hit over 100 organizations, mostly U.S.-based, with 68% in higher education, by exploiting a hidden bug in Oracle's PeopleSoft software.
The breach happened between May 27 and June 9, just before Oracle could warn anyone.
It's a big reminder that even trusted systems can have weak spots.
ShinyHunters used fake cloud connections
ShinyHunters slipped in using fake cloud connections to take control of key systems, letting them run commands from the inside.
Google flagged the issue and alerted schools after spotting suspicious activity linked to vulnerable endpoints.
With most victims being higher education institutions, this attack shows how important it is for organizations to keep their tech updated and watch out for sneaky threats like these.