a group calling itself shinyhunters exploited an unpatched oracle peoplesoft remote-code flaw (cvss 9.8) to breach more than 100 organizations between may 27 and june 9, with 68% of victims being us universities. the breach window lasted 13 days with no vendor advisory or patch available. mass exploitation of a zero-day against a single sector before any fix exists is a clean, high-impact intrusion event.