Mandiant

Company

Last mentioned: 13h ago

Timeline

  1. Google Confirms Exploitation

    Google Threat Intelligence Group publicly confirms zero‑day exploitation by ShinyHunters and notifies over 100 affected organizations.

  2. Oracle Releases Out‑of‑Band Advisory

    Oracle publishes mitigations for CVE-2026-35273 and warns customers to apply them immediately, but no full patch is provided.

  3. Google/Mandiant publish findings

    Google’s threat intelligence blog details the campaign, attribution, and sector impact.

  4. Oracle issues security advisory

    Oracle publishes a patch and advisory for the PeopleSoft vulnerability, closing the zero-day window.

  5. Campaign window closes

    Last observed exploitation activity before Oracle issues its advisory.

  6. Zero‑Day Exploitation Begins

    According to Google and Mandiant, ShinyHunters starts actively exploiting CVE-2026-35273 to compromise PeopleSoft instances.

  7. Campaign begins

    ShinyHunters starts active scanning and exploitation of the Oracle PeopleSoft zero-day.

  8. Patch Release

    Dell issues critical security updates to address the RecoverPoint vulnerability.

  9. Public Disclosure

    Mandiant and GTIG reveal the 18-month-long zero-day exploitation campaign.

  10. Attack Campaign Window

    ShinyHunters targets ~300 instances across 100+ organizations, focusing on the education sector. Deploys MeshCentral agents and lateral movement scripts.

  11. Ongoing Espionage

    Attackers maintain persistence and conduct malware campaigns across multiple sectors.

  12. Initial Exploitation

    UNC6201 begins weaponizing CVE-2026-22769 in targeted attacks.

Stories mentioning Mandiant (3)

Threat Intelligence Bearish

68% of Targets in Education: ShinyHunters Exploit Oracle Zero-Day Before Patch

An active extortion campaign by ShinyHunters exploited a zero-day vulnerability in Oracle PeopleSoft, with Google notifying over 100 organizations—68% in higher education. The attackers used customized MeshCentral agents for C2, and the activity occurred before Oracle’s June 10 advisory. This highlights the growing threat of zero-day exploitation in widely used enterprise software and the education sector’s vulnerability.

2 sources

Vulnerabilities Bearish

Chinese State Hackers Weaponize Dell RecoverPoint Zero-Day Since Mid-2024

A sophisticated Chinese cyberespionage group, tracked as UNC6201, has been exploiting a critical zero-day vulnerability in Dell RecoverPoint for Virtual Machines for nearly two years. The flaw, identified as CVE-2026-22769, allowed attackers to maintain long-term persistence and conduct stealthy malware campaigns against high-value targets.

4 sources

About Mandiant coverage

This page surfaces every story mentioning Mandiant across our cybersecurity coverage. We track each entity's appearance over time so readers can trace how the narrative evolves — which developments are isolated incidents, which build into longer arcs, and which reframe how operators in the space think about the entity. Story selection uses the same multi-source verification gate applied across the rest of our coverage.

Read our editorial methodology for how we identify, deduplicate, and score entity references. Our glossary defines the technical terms used across stories on this page, and our trends index contextualizes individual developments against the longer-running cybersecurity beat. Cross-entity comparisons live on our compare view.

| What you see | What it tells you |
| --- | --- |
| Story count | Number of distinct stories where Mandiant was a primary or referenced actor. |
| Recency clustering | Whether mentions are concentrated in a recent window (a news cycle) or distributed (a sustained arc). |
| Sentiment distribution | Aggregate sentiment of the stories mentioning this entity, weighted by impact score. |
| Cross-niche links | When the same entity surfaces in our sibling networks, we link to those views to enrich context. |