ShinyHunters claims it hacked 100 orgs by exploiting an Oracle PeopleSoft 0-day
Summary
The hacking group ShinyHunters claims to have exploited a zero-day vulnerability in Oracle's PeopleSoft system, affecting at least 100 organizations. The University of Nottingham has confirmed it was targeted, marking the first of potentially many victims.
IFF Assessment
This is bad news for defenders as a zero-day vulnerability is being actively exploited by a threat actor, potentially leading to widespread compromise.
Severity
Exploiting a zero-day in a widely used enterprise system like PeopleSoft would likely allow for remote code execution with high impact and low complexity, warranting a high CVSS score.
Defender Context
Organizations using Oracle PeopleSoft should be highly vigilant for signs of compromise and prioritize patching or implementing mitigations as soon as they become available. This incident highlights the ongoing threat of zero-day exploits against critical enterprise software.