答案已發布15 小時前Last edited 15 小時前14 來源

ShinyHunters 利用漏洞橫掃 Oracle PeopleSoft，過百機構中招

ShinyHunters 利用 CVE 2026 35273，一個 CVSS 9.8 分嘅超高危漏洞，無需驗證就直接遙控 Oracle PeopleSoft 伺服器，短短兩星期內攻陷超過 300 個系統，超過 100 間機構受害。攻擊者專偷個人身份資料、學術紀錄、HR 同薪酬數據，然後勒索贖金。教育界成為重災區，大量大學嘅學生同教職員資料外洩。

使用 Studio Global AI 搜尋並查核事實瀏覽更多熱門頁面

1040

Digital illustration representing the ShinyHunters cyberattack on Oracle PeopleSoft systems, with a shattered database icon, glowing code, and a dark, urgent cybersecurity backdrop — What was the ShinyHunters zero-day campaign against Oracle PeopleSoft that breached over 100 organizations, what was the vulnerability (CVE-The ShinyHunters zero-day campaign exploited CVE-2026-35273 to breach over 300 Oracle PeopleSoft instances worldwide.
AI 提示
Create a landscape editorial hero image for this Studio Global article: What was the ShinyHunters zero-day campaign against Oracle PeopleSoft that breached over 100 organizations, what was the vulnerability (CVE-. Article summary: Here is a comprehensive breakdown of the ShinyHunters campaign against Oracle PeopleSoft, based on current reporting.. Topic tags: general, general web, user generated. Reference image context from search candidates: Reference image 1: visual subject "Android Headlines / Tech News / Hackers Exploited a Critical Oracle Zero-Day to Breach Over 100 Companies. # Hackers Exploited a Critical Oracle Zero-Day to Breach Over 100 Compani" source context "Oracle Zero-Day Exploited to Breach 100+ Companies" Reference image 2: visual subject "# Oracle PeopleSoft Zero Day Exploited by ShinyHunters. Oracle shipped emergency mitigations on June 11 for CVE-2026-35273 after Shi
openai.com

2026 年 6 月初，網路犯罪組織 ShinyHunters 發動咗年度最具破壞性嘅零時差攻擊之一。佢哋利用 Oracle PeopleSoft 軟件嘅一個嚴重漏洞，響全球超過 100 間機構仲未有得修復之前，就已經成功入侵系統。今次攻擊主要針對大學同企業，再次暴露咗大型 ERP 系統（企業資源規劃系統，即係用嚟管理公司日常運作嘅軟件，例如人事、財務）被忽視嘅安全風險，同埋黑客點樣將一個未公開嘅漏洞迅速變成勒索工具。

呢次事件核心嘅漏洞編號係 CVE-2026-35273，CVSS v3.1 危險評分高達 9.8 分（10 分滿分），黑客唔使任何登入資料就「可以喺未經授權嘅情況下遙控執行惡意程式碼」，完全控制伺服器。以下我哋會詳細拆解呢個漏洞嘅技術細節、攻擊時間線、被盜嘅資料、Oracle 同 CISA（美國網絡安全及基礎設施安全局）嘅應對，以及你作為機構負責人或者 IT 人員，而家最急切要做嘅防禦措施。

漏洞係乜？CVE-2026-35273 拆解

CVE-2026-35273 存在於 Oracle PeopleSoft Enterprise PeopleTools 嘅「Updates Environment Management」組件入面，主要影響 8.61 同 8.62 版本 。根據網絡安全公司 Rapid7 嘅分析，呢個漏洞本質上係一種「伺服器端請求偽造」（SSRF，一種欺騙伺服器去執行惡意請求嘅攻擊方式），攻擊者可以通過 HTTP 協議，喺唔需要密碼嘅情況下觸發。一旦成功利用，黑客就可以完全接管成個 PeopleSoft 伺服器，機密性、完整性同可用性全部失守。

Studio Global AI

Search, cite, and publish your own answer

Use this topic as a starting point for a fresh source-backed answer, then compare citations before you share it.

使用 Studio Global AI 搜尋並查核事實

人們還問