Cyber Security News

Hacking Editorial Brief — June 13, 2026

ShinyHunters Exploits Oracle PeopleSoft Zero-Day in University Breaches

The ShinyHunters extortion group leveraged CVE-2026-35273, an unpatched zero-day vulnerability in Oracle PeopleSoft, to breach enterprise systems and exfiltrate sensitive data from multiple universities. The campaign represents a tactical evolution for the group, which has historically relied on purchased access or social engineering rather than zero-day exploitation. The vulnerability allowed unauthorized access to PeopleSoft installations before Oracle issued remediation guidance. Organizations running PeopleSoft should immediately review Oracle's security advisories and implement available mitigations while monitoring for indicators of compromise related to this attack vector.

Supply Chain Attack Compromises 400+ Arch Linux AUR Packages

Attackers hijacked over 400 packages in the Arch User Repository, modifying build scripts to deploy an information stealer and eBPF rootkit on systems that compiled the compromised packages. The campaign targeted the AUR's decentralized trust model, where community-maintained packages lack the centralized security review applied to official repositories. The attack demonstrates continued threat actor focus on open-source supply chains as high-value targets for persistent access and credential theft. In related activity, Russia-linked COLDRIVER has accelerated malware development since May 2025 with multiple new variants, indicating increased operational tempo. Meanwhile, Meta disclosed that attackers exploited its AI-powered support system to hijack over 20,000 Instagram accounts through automated password reset abuse, highlighting emerging attack surfaces created by AI-driven customer service tools.

Sources: The Hacker News · WIU Cybersecurity Center · The Hacker News · BleepingComputer