1 article
A critical zero-day vulnerability in Oracle PeopleSoft Campus Solutions — CVE-2026-35273, CVSS 9.8 — has been exploited by the ShinyHunters threat group to breach student record systems at multiple universities across the US, UK, and Australia. The flaw allows unauthenticated attackers to bypass authentication in the PeopleSoft web application layer, granting direct access to student enrolment, financial aid, and academic records.