the shinyhunters group exploited a critical oracle peoplesoft remote-code-execution flaw (cve-2026-35273, severity 9.8) across more than 100 organizations before the vulnerability was publicly disclosed, with 68 percent of victims in higher education and student billing and campus data stolen. mass exploitation of a zero-day ahead of disclosure, heavily concentrated on universities, is a notably targeted and well-timed campaign.