Oracle issued a security advisory on Thursday confirming the existence of the vulnerability, though a patch remains unavailable. The company currently advises users to implement specific mitigations to prevent further exploitation. Mandiant, which is actively tracking the campaign, has notified over 100 global entities—two-thirds of which are universities—to secure their systems against the ongoing threat.
The breach has already resulted in significant data exposure. ShinyHunters has begun publishing stolen records on its leak site, claiming to possess hundreds of thousands of student files, including GPAs, home addresses, and government-issued identification numbers. The group’s modus operandi involves identifying common software vulnerabilities to extort organizations, a tactic they recently employed against firms using Salesforce, Gainsight, and the Canvas portal provider Instructure. While some organizations successfully remediated their systems, others failed to block the unauthorized access, leading to the public release of their private data.
Comments (0)
No comments yet. Be the first!