Post by Black Kite

ShinyHunters has claimed breaches at 100+ organizations by exploiting a zero-day in Oracle PeopleSoft. The University of Nottingham has confirmed it. 454,600 student records are already live on the leak site. This is the third time in 18 months this group has targeted a widely deployed enterprise platform. Snowflake. Salesforce Experience Cloud. Now PeopleSoft. The playbook doesn't change. Find a shared platform. Automate at scale. Breach ecosystems, not just individual organizations. For TPCRM teams, the question isn't just whether your own PeopleSoft environment is patched. It's which of your vendors are running it, and what data of yours is inside their environment. The Black Kite Research Group™ published the Oracle PeopleSoft FocusTag® today. It identifies every vendor in your ecosystem with an internet-exposed PeopleSoft instance using continuous scanning, no questionnaires, no waiting for self-reporting. Intelligence-led response means knowing before the leak site tells you. Full campaign breakdown and recommended actions: