Oracle has issued an urgent warning to customers over a critical security flaw in its PeopleSoft enterprise software, after cybercrime group ShinyHunters claimed responsibility for a large-scale hacking campaign that allegedly compromised more than 100 organizations worldwide.

The software giant released a security advisory on Thursday, cautioning that the vulnerability can be exploited remotely over the internet without authentication. Oracle has not yet released a patch for the flaw and has advised customers to implement available mitigation measures to reduce the risk of attack.

The warning follows claims by ShinyHunters that it breached more than 100 organizations using vulnerable PeopleSoft servers.

The group told TechCrunch that it exploited an unpatched zero-day vulnerability in the software, allowing it to gain unauthorized access to victim systems.

Cybersecurity firm Mandiant, owned by Google, confirmed that the vulnerability cited by Oracle is the same flaw being exploited in the ongoing campaign.

The company said it has alerted more than 100 organizations globally—primarily in the United States—whose systems may be exposed.

According to Mandiant, nearly two-thirds of the affected organizations operate in the higher education sector, reflecting earlier claims by ShinyHunters that universities and colleges were among its primary targets.

While some organizations successfully blocked the attacks or remediated the vulnerability, Mandiant said others suffered breaches that resulted in sensitive data being stolen and subsequently published on the group’s leak site.

ShinyHunters reportedly claimed to have accessed extensive student records from at least one educational institution, including personal and academic information such as names, contact details, enrollment records, grades, and student identification data.

The incident marks the latest in a series of supply-chain-style cyber campaigns by ShinyHunters, which has increasingly focused on exploiting vulnerabilities in widely used enterprise software platforms.

Over the past year, the group has targeted organizations using software from companies including Salesforce, Gainsight, and Instructure.

The group’s typical strategy involves identifying vulnerable software used across multiple organizations, stealing corporate or customer data, and demanding ransom payments to prevent public disclosure. Earlier this year, Instructure disclosed that it paid the hackers following two separate breaches of its systems, during which several schools using its Canvas platform had their login pages defaced.

Oracle has not publicly commented beyond its security advisory and did not respond to requests for additional comment regarding the reported attacks