ShinyHunters (UNC6240) exploited a CVSS 9.5 unauthenticated RCE zero-day in Oracle PeopleSoft’s Environment Management Hub for approximately two weeks before Oracle published an advisory, with confirmed data theft from over 100 organizations, 68% of them higher education institutions. The vulnerability chains deserialization, OS command injection, missing authentication, and hard-coded credentials — an unusually deep weakness stack for a single component. Organizations running internet-accessible PeopleSoft should treat any unpatched instance as a potential breach until the patch is applied and an active compromise hunt is completed.