# Oracle warns of security bug that hackers abused to breach 100+ companies _Thursday, June 25, 2026 at 8:07 PM EDT · Cybersecurity · Latest · Tier 2 — Notable_ ![Oracle warns of security bug that hackers abused to breach 100+ companies — Primary](https://techcrunch.com/wp-content/uploads/2026/06/oracle-logo-nyse.jpg?resize=1200,800) Oracle warned its corporate customers of a critical rated vulnerability in its PeopleSoft software. The software is used by large companies to manage payroll and human resources. The warning came a day after a cybercrime group took credit for abusing the flaw as part of a mass hacking campaign. The company published the security advisory after the hacking group ShinyHunters claimed to have breached more than 100 organizations that use PeopleSoft servers. Mandiant warned in a blog post that the new Oracle flaw is the same bug that ShinyHunters is abusing in its hacking campaign targeting PeopleSoft customers. Oracle has not released a patch for the vulnerability at the time of writing. The advisory said the bug can be exploited over the internet without needing any authentication. Oracle recommended that customers who use PeopleSoft software apply its mitigations to prevent exploitation. A ShinyHunters member told TechCrunch that the gang compromised the companies by abusing an unpatched flaw in PeopleSoft servers. The bug is known as a zero day. Mandiant confirmed that it has also notified more than 100 global organizations, most of them in the United States, in an effort to restrict access to their potentially vulnerable systems. About two thirds of these organizations are in higher education. Mandiant said that while several organizations successfully blocked the activity or remediated the vulnerabilities, others experienced compromise resulting in stolen data being published on the ShinyHunters Data Leak Website. Oracle did not respond to TechCrunch's request for comment. The ShinyHunters member told TechCrunch that some of the hacked organizations are universities and colleges. The hacker shared a message sent to one victim school in which the hackers claimed to have stolen hundreds of thousands of student records containing full name, home address, phone, email, date of birth, gender, ethnicity, enrollment status, GPA, major, and student ID across all campuses, among other data. PeopleSoft and its customers are the latest victims in a series of hacking campaigns by the ShinyHunters gang targeting organizations that share the same vulnerable software. In the last year the group targeted several companies that use Salesforce and Gainsight as well as software provided by Instructure. Earlier this year education tech company Instructure said it paid the hackers after they breached the company's systems twice. As part of the campaign ShinyHunters defaced the login pages of several schools that use Instructure's school information portal Canvas. ## Sources - [TechCrunch](https://techcrunch.com/2026/06/11/oracle-warns-of-security-bug-that-hackers-abused-to-breach-100-companies/) --- Canonical: https://techandbusiness.org/newswire/X0O85GNlLhBSz1ObTi4DW3 Retrieved: 2026-06-26T04:04:09.320Z Publisher: Tech & Business (techandbusiness.org)