logo

PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data

ID: 3f6583f1-a848-5afb-9e19-4b44a7adf2e5

STIX ID: report--3f6583f1-a848-5afb-9e19-4b44a7adf2e5

Feed Name: Ars Technica Security (category)

Threat Score
78/100

Date Published: 2026-06-12

Date Updated: 2026-06-12

Author: Dan Goodin

...
...

Mandiant attributes active data-exfiltration activity to the ShinyHunters group, reporting that attackers conducted reconnaissance in PeopleSoft environments, mapped configurations and WebLogic XML, established outbound SSH connections to an IP (176.120.22.24) hosting a data leak site, compressed stolen data with zstd, and published datasets (one victim lost ~48GB). The report notes multiple large victims since 2019, outlines techniques used (cloud misconfigurations, software vulnerabilities, stolen OAuth tokens, supply-chain and social engineering), and points to IOCs and mitigations provided by Mandiant and Rapid7.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.