Oracle PeopleSoft Attack, North Korean Hackers and CISA: Cybersecurity Under Siege

A group of cybercriminals known as ShinyHunters claims to have breached Oracle PeopleSoft servers belonging to over 100 organizations, including many universities. The news breaks at a time when the threat landscape is already tense. According to a CrowdStrike report, North Korean hackers posing as remote IT workers are behind nearly half of all attacks on the US tech industry over the past year. Together, these stories paint a worrying picture for enterprise and institutional security.

The Three-Front Threat

The Oracle PeopleSoft incident is not an isolated case. The severity has prompted the Cybersecurity and Infrastructure Security Agency (CISA) to order federal agencies to fix vulnerabilities in just three days. The reason is the growing automation of attacks powered by artificial intelligence, as a CISA official warned. Defenders can no longer afford weeks to patch. This urgency also extends to the private sector, where the risk of ransomware or industrial espionage is higher than ever.

The New Cybercriminal Profile

The North Korean threat is particularly insidious. Hackers infiltrate companies by posing as developers or recruiters, hitting not only the US but also Europe and Asia. CrowdStrike estimates that half of US tech incidents are linked to these operations. Meanwhile, another critical front involves the misuse of facial recognition technology: the ACLU has sued two Florida police departments over a wrongful arrest based on a flawed face-recognition match. An error fueled by unreliable AI that led to a near-certain identification of an innocent person.

Implications for the Future

These stories converge on one point: technology, if not rigorously managed, multiplies risks. Companies must rethink their security strategies, embracing rapid patching and human oversight of AI outputs. While WWDC 2026 brought epochal updates with iOS 27 and Siri AI, the cybersecurity front reminds us that every innovation opens new doors for attackers. The message is clear: adopting AI is not enough; we must learn to defend against those who use it against us.