ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

ShinyHunters exploited CVE-2026-35273, a critical unpatched remote code execution flaw in Oracle PeopleSoft PeopleTools, to breach university systems. The zero-day carries a CVSS score of 9.8, requires no authentication, and was actively exploited between May 27 and June 9 before Oracle's June 10 advisory.