// CanvasHIGH
ShinyHunters exploited a critical zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft between May 27 and June 9, 2026, affecting over 100 organizations—68% in higher education. The threat group, previously linked to the Canvas breach, gained unauthorized access to student records and other sensitive data. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog and mandated remediation for federal agencies by June 14.
- Colleges hit in cyberattack by group behind Canvas breach, Googl(opens in a new tab)
- ShinyHunters linked to exploitation of critical flaw in Oracle P(opens in a new tab)
- Google warns that ShinyHunters group is exploiting Oracle flaw t(opens in a new tab)
- CISA Warns of Oracle PeopleSoft 0-Day Vulnerability Exploited in(opens in a new tab)
// Get alerts for Canvas