惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Vercel News
Vercel News
The GitHub Blog
The GitHub Blog
博客园 - 【当耐特】
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recent Announcements
Recent Announcements
D
Docker
GbyAI
GbyAI
酷 壳 – CoolShell
酷 壳 – CoolShell
WordPress大学
WordPress大学
The Cloudflare Blog
雷峰网
雷峰网
A
About on SuperTechFans
小众软件
小众软件
博客园 - Franky
博客园 - 聂微东
F
Full Disclosure
大猫的无限游戏
大猫的无限游戏
C
Check Point Blog
MongoDB | Blog
MongoDB | Blog
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
U
Unit 42
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
V
V2EX
Engineering at Meta
Engineering at Meta
宝玉的分享
宝玉的分享
aimingoo的专栏
aimingoo的专栏
量子位
P
Proofpoint News Feed
Hugging Face - Blog
Hugging Face - Blog
博客园_首页
罗磊的独立博客
Martin Fowler
Martin Fowler
D
DataBreaches.Net
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Secure Thoughts
Project Zero
Project Zero
L
LangChain Blog
阮一峰的网络日志
阮一峰的网络日志
C
Cybersecurity and Infrastructure Security Agency CISA
T
Tailwind CSS Blog
S
Schneier on Security
Blog — PlanetScale
Blog — PlanetScale
The Hacker News
The Hacker News
Spread Privacy
Spread Privacy
Security Latest
Security Latest
NISL@THU
NISL@THU
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
CXSECURITY Database RSS Feed - CXSecurity.com
J
Java Code Geeks

Hackread – Cybersecurity News, Data Breaches, AI and More

Suspected Cyberattack Sends Fake Emergency Alert to Phones Across Brazil Operation Endgame Disrupts StealC, Amadey and SocGholish Malware Networks New GhostShell Hacking Group Targets Ukraine’s Drone Defense Sector Fake npm Packages Impersonate PostCSS Tool to Steal Chrome Passwords Best Crypto Payment Solutions for E-Commerce Businesses Internet Society Foundation Opens Global Call for Common Good Cyber Fund to Strengthen Cybersecurity LastPass Confirms Customer Data Breach After Klue OAuth Token Theft ‘Cordyceps’ CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking The Rise of AI-Powered Academic Fraud: Beyond Traditional Plagiarism New CryptoBandits Malware Uses USB Drives and Tor to Steal Crypto The Evolution of iGaming Fraud: What Security Teams Should Expect in 2027 2 Scattered Spider-Linked Hackers Plead Guilty Over £39M TfL Cyberattack Beats Studio Buds Flaw Could Let Nearby Attackers Eavesdrop on Users Texas Parks and Wildlife Data Breach Affects Over 3M License Customers Threat Hunting Beyond Alerts: Finding the Activity Detection Misses Scammers Use Fake GitHub Stars, VirusTotal Reviews to Spread Crypto Clipper Salesforce Disables Klue Integration After OAuth Token Theft Hits Customer Data MDR Provider Comparison: Time to Discover and Respond to Threats Meteor 3.0 Migration Helped Rocket.Chat Move Off End-of-Life Node.js Runtime Gcore Helps Ucom Safeguard Public Live Broadcast Infrastructure During Armenia’s Parliamentary Elections Nintendo America Employee Data Exposed After Shadowbyt3$ Targets TinyPulse eFAQ Publishes Investigation Into Alleged Scam Activity and Coordinated Reputation Attacks FIFA World Cup 2026: Hackers Target Football Fans With Fake Tickets Sites MacBook Neo vs Windows Laptops for Cybersecurity Tasks Operation Endgame Disrupts SocGholish Malware Infrastructure What Businesses Should Know Before Migrating Their CMS DragonForce Ransomware Abused Microsoft Teams to Hide Malware Activity Agentjacking: Researchers Show How One Fake Bug Report Can Hijack AI Coding Agents FortiBleed Attack Exposes Fortinet Firewall Credentials in 194 Countries SpyCloud Report Finds Phishing Attacks Surge as Employee Data Is Exposed at 86% of Fortune 100 Companies 152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Fake Search Clicks Heimdal Survey: Executives Four Times More Confident About AI Risk Than the Teams Managing It ESET MDR vs Sophos MDR: Compared Time to discover and respond to a threat 15 Malicious JetBrains Plugins Caught Stealing DeepSeek, OpenAI API Keys Amos Stealer Targets macOS Keychain Files and Browser Passwords Aembit Extends IAM for Agentic AI to Microsoft Copilot Studio AppViewX Launches Agent Identity Security to Govern Agents for the AI and Quantum Era New Rokarolla Android Trojan Found Targeting 217 Crypto and Banking Apps Developer laptops are the credential store attackers are picking through in 2026, GitGuardian announces Endpoint Protection Best of Android Fax Apps: Top 5 Secure Picks for 2026 Feds Seize CFAKE and SOCFAKE Over Explicit Deepfakes of Famous Women Handala Hacking Group Claims Breach of California Water Service Over 50 Android Apps Found Spreading MagicAd Trojan via Official Stores Hackers Hide New Argamal Malware Inside Working Hentai Games Extradited Ukrainian Man Admits Role in Conti Ransomware Attacks Atomic Arch Campaign Hijacks 20+ Linux AUR Packages to Deliver Malware The SpaceX Pre-IPO Market: How Crypto Rails Are Opening Synthetic Access Feds Seize AudiA6 and Dark2Web in $389M Crypto Laundering Case ShinyHunters Leak 40GB of University of Nottingham Student Data Authorities Dismantle Decade-Old SniperDZ Phishing Network Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface Management Hackers Use Fake Claude Code Guide and AI PDFs to Spread AsyncRAT Malware The Hidden Security Risks of Poor Software Testing FBI Seizes China-Linked Fake Consulting Sites Targeting US Clearance Holders How to Turn Images into Animated Videos with AI: A Wondershare Filmora Guide Scammers Use TikTok and Instagram Reels to Spread Vidar Infostealer ServiceNow Discloses Security Incident Exposing Customer Data Cloud Security Report Finds Fragmented Tools Widening the Cloud Complexity Gap Microsoft June 2026 Patch Tuesday Fixes 206 Flaws and 3 Zero-Days Network Log Analysis: Why Collecting Logs is Not Enough WhatsApp Says It Blocked Pegasus Spyware Campaign Linked to NSO Operation FlutterBridge Uses Fake Google Ads to Spread macOS Backdoor Hackers Clone Ghidra, dnSpy and Other Tool Sites to Spread Malware Silent Ransom Group Uses Fast Flux Botnet to Hide Law Firm Leak Sites Instagram Recovery Tool Bug Exposed 20,225 Accounts to Password Reset Abuse Instagram Glitch Reportedly Exposed Contact Info of Zuckerberg and Other Users New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account Atlas Menu Data Breach Exposes 64,000 GTA V and CS2 Cheat Service Users Reaper macOS Infostealer Abuses Script Editor to Steal Crypto and Passwords iFood Confirms Data Breach Affecting 1.2 Million Users in Brazil Why eSIMs Are Replacing Traditional SIM Cards Lazarus Group Uses npm Brandjacking Campaign to Target Developers Five Eyes Warns Chinese Spies Are Using Fake Job Ads to Target Military Staff How to Recover Data from iCloud Backup Without Resetting Your iPhone China-Linked TA4922 Hackers Target UK, Europe With New SilentRunLoader Malware Alcasec, "Robin Hood of Spanish Hackers," Jailed for 31 Months Over Data Theft Fake ChatGPT Desktop App Ads Used to Push Password-Stealing Malware Hackers Abused Meta’s AI Support Bot to Hijack Major Instagram Accounts New WordPress Malware Uses Steam Profile Comments to Hide C2 Instructions Halo Security Honored with 2026 MSP Today Product of the Year Award Why Encrypted File Sharing Is Essential for Modern Businesses What One Predator Case Can Reveal About an Online Platform’s Safety Gaps RaccoonLine Publishes 2026 dVPN Buyer’s Guide for Privacy-Focused Users How to Get a Reddit API Key in 2026: Step-by-Step Guide Zero-Click pretalx XSS Flaw Lets Hackers Hijack Conference Organizer Accounts How to Get the Most From Your Explainer Video Production Services Fake Purchase Order Emails Spread Fileless PureLogs Malware via RAR Archives 27,000-Download Codex UI Tool Secretly Stole OpenAI Refresh Tokens Fake Anthropic Sites Deliver Fileless Infostealer to Claude Code Users The Deliverability Problem: How New Platforms Are Solving Inbox Placement The CISO Whisperer's Watch List For The Gartner Security & Risk Management Summit 2026 Can Big Data Predict Market Movements Accurately? Iran’s Nimbus Manticore Used Trojanized Zoom Installers Against US Firms How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts? Link11 is fully committed to Europe and is opening a Customer Excellence Hub in Lisbon Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning Claude Mythos AI Identified 10,000+ Software Vulnerabilities in One Month FBI Chief Kash Patel’s Clothing Store Hacked in ClickFix Infostealer Attack Netherlands Busts Bulletproof Hosting Network Linked to Disinfo and Cybercrime
ShinyHunters Target Universities in Oracle PeopleSoft Zero-Day Attack
Deeba Ahmed · 2026-06-12 · via Hackread – Cybersecurity News, Data Breaches, AI and More

A massive wave of cyberattacks has hit more than 100 organisations globally, and universities are the main targets. Security researchers at Mandiant and the Google Threat Intelligence Group (GTIG) were notified about the threat through public reports. Further probing revealed that 68% of the victims were colleges and universities. And, most of these are based in the US.

The cybercrime group behind this wave is UNC6240 or ShinyHunters. The group’s targets were organisations using the Oracle PeopleSoft software. For your information, this software handles institutional business operations.

Reportedly, the activity occurred between 27 May and 9 June, and involved the exploitation of a critical zero-day flaw (tracked as CVE-2026-35273 CVSS 9.8) to compromise university networks. Since the group caught this flaw before Oracle released a patch, they proceeded completely unhindered.

One of the group’s latest victims in the PeopleSoft-linked attack is the University of Nottingham in the United Kingdom, where the personal data of 450,000 students was leaked just a couple of days ago. The leaked data reportedly includes 40 GB of PII and financial information belonging to students and university staff.

ShinyHunters Leaks 40GB of University of Nottingham Student Data
Screenshot credit Hackread.com

Vulnerability Details

CVE-2026-35273 is an unauthenticated remote code execution bug that exists in the Oracle PeopleSoft PeopleTools (mainly versions 8.61 and 8.62) Environment Management Hub (PSEMHUB) component. According to GTIG’s blog post, this bug allowed hackers to bypass authentication entirely or log in as privileged users.

Instead of a direct database exploit, they operated entirely inside PeopleSoft’s application logic, using legitimate APIs to access and extract records. This means standard database security monitors never noticed anything wrong. This tactic is similar to other major supply-chain software compromises we have observed in the past, like the MOVEit breaches.

ShinyHunters, (or a group impersonating them) exposed several directories revealing ongoing targeting of PeopleSoft (Enterprise Resource Planning software) environments.

Also visible were staging materials, including MeshCentral agents, and a defacement and credential spray…

— Michael R (@nahamike01) June 10, 2026

How the Hackers Operated

Researchers found five staging IP addresses (142.11.200.186 to 142.11.200.190) running Python SimpleHTTP servers on port 8888 that the hackers used to store their malware. This toolkit contained MeshCentral remote-control binaries named meshagent32-azure-ops.exe, meshagent64-azure-ops.exe, and meshagent64-v2.exe.

These files were strategically named after safe Microsoft Azure services to bypass security filters and hide their true goal- opening a backdoor to a C2 server (wss://azurenetfiles.net:443/agent.ashx).

Once inside, the attackers read WebLogic configurations (config.xml) and process scheduler files (psappsrv.cfg) to map out the internal network blueprints. To spread quickly across university networks, they deployed a custom script called (victim_abbreviation)_fanout.sh.

This script fetched a list of internal systems from /etc/hosts and used credential spraying (which involves rapid, automated password guessing) to compromise deeper systems.

To fulfil their main objective of data theft and extortion, the hackers then planted a note named README-IF-YOU-SEE-THIS-YOUVE-BEEN-HACKED.TXT inside internal folders. This was done after full system control to threaten the victims.

The attack’s final step involved compressing the stolen files using the zstd utility tools so that data packages became easier to move and exfiltrating the archives to their public leak site mirror at 176.120.22.24.

Emergency Response

Oracle released an out-of-band Security Advisory on 10 June 2026, announcing that fixes will be arriving soon. The company warned users to quickly apply remediation measures, meanwhile:

“We consider implementation of the recommended mitigations to be a high-priority risk reduction measure and strongly recommend immediate action to address the identified exposure.”

To stop the attacks, security teams need to isolate the /PSEMHUB/* and /PSIGW/HttpListeningConnector network points right away. They should also watch out for Server-Side Request Forgery (SSRF) in their access logs and block unusual port 445 SMB traffic leaving their systems.

Expert perspective:

“The Oracle PeopleSoft breach is an example of the new kind of attacks every ERP will face in today’s new agentic world. Companies need to reassess their ERP security and controls and adapt, because they are exposed,” said James Davison, Chief Strategy Officer at Pathlock, an identity and access security provider.

This attack shows that traditional perimeter security and IdP-level authentication are necessary, but not sufficient. Modern ERP security requires a layered approach that combines preventive controls, continuous monitoring, and visibility into user activity. The visibility into user activity is key here; behavioral monitoring to spot exceptions isn’t a nice-to-have anymore,” James explained.