Oracle PeopleSoft 0-Day RCE Vulnerability Exploited in Attacks by ShinyHunters

**Oracle PeopleSoft zero-day exploited in active extortion campaign:** Mandiant and Google TAG warn that UNC6240 (ShinyHunters) actively exploited a critical unauthenticated RCE (CVE-2026-35273, CVSS 9.8) in Oracle PeopleSoft (PSEMHUB) between May 27 and June 9, 2026, using staged servers (142.11.200.186–190), masqueraded MeshCentral agents (e.g., meshagent64-azure-ops.exe) and the domain azurenetfiles.net for C2; attackers performed reconnaissance, lateral movement, compressed exfiltration archives and posted stolen data to a public data leak site, impacting primarily higher education organizations and resulting in confirmed data loss (≈40 GB) for at least one university.