Threat Intelligence
Jun 12, 2026
Bling Libra targets Oracle PeopleSoft servers using RCE flaw CVE-2026-35273.
Summary
Palo Alto Networks' Unit 42 is tracking the Bling Libra threat actor, also known as #ShinyHunters, which is actively targeting Oracle PeopleSoft servers. The group is suspected of exploiting the remote code execution (RCE) vulnerability CVE-2026-35273. Since at least late May 2026, the primary sector targeted has been education.
Indicators of Compromise
- cve — CVE-2026-35273
Entities
- Bling Libra (threat_actor)
- #ShinyHunters (threat_actor)
- Oracle PeopleSoft (product)
- Oracle (vendor)