The ShinyHunters extortion gang claims to have compromised Oracle PeopleSoft servers across more than 100 organizations, including numerous universities, in an ongoing data theft campaign.
ShinyHunters, a known cybercriminal group, has targeted Oracle PeopleSoft infrastructure in attacks affecting over 100 entities. The gang operates an extortion scheme, typically demanding payment in exchange for not publishing stolen data.
Oracle PeopleSoft is a widely deployed human capital management and enterprise resource planning system used by organizations across sectors including higher education, government, and private industry. The breadth of the breach underscores the risk posed by vulnerabilities in popular enterprise software platforms.
The ShinyHunters group has become increasingly active in recent years, carrying out high-profile attacks against major organizations and publishing data when extortion demands go unmet. Their claims of accessing PeopleSoft systems across universities and other institutions represent a significant security incident, though the specific vulnerabilities exploited remain unclear.
Oracle has not yet issued a public statement regarding the breach. The company typically addresses security issues through its quarterly patch releases and security advisories. Organizations running PeopleSoft should review their systems for signs of compromise and consult Oracle's security guidance.
The timing of the disclosure coincides with Oracle's recent earnings report, which saw shares decline following higher-than-expected capital expenditure figures related to AI infrastructure investments. Investors expressed concerns about the profitability of Oracle's AI business expansion, adding pressure to the company amid broader market uncertainty.
Securityresearchers recommend affected organizations conduct forensic investigations, reset credentials, and review access logs for unauthorized activity. Those targeted by ShinyHunters should also prepare for potential extortion demands and consider reporting the breach to relevant law enforcement agencies and regulators.
KPMG fabricated case studies in an AI adoption report featuring UBS, the NHS, and other organizations. The consulting firm has withdrawn the document after the false claims were uncovered.
The White House imposed export restrictions on Anthropic's advanced AI models after intelligence suggested a China-linked group may have accessed Mythos. The potential breach raises significant national security concerns.
As Russia tightens digital restrictions this year, citizens are increasingly turning to virtual private networks and multiple phone devices to circumvent government controls.
Security experts recommend passkeys as a safer alternative to traditional passwords, but skeptics question whether a smartphone PIN offers genuine protection compared to complex passwords paired with two-factor authentication.