TECH NEWS

Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters

https://www.securityweek.com/wp-content/uploads/2023/01/Cybersecurity_News-SecurityWeek.jpg

Google has confirmed that a PeopleSoft vulnerability mitigated by Oracle this week has been exploited by ShinyHunters as a zero-day to steal data from organizations.

Oracle has released an out-of-band advisory and security alert for CVE-2026-35273, a critical unauthenticated remote code execution vulnerability impacting PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62, as well as PeopleSoft Enterprise Applications.

The software giant has released mitigations, but patches do not appear to be available.

PeopleSoft is an ERP software suite used by many large organizations to manage a wide range of business functions, including HR, payroll, finance, supply chain, and campus operations.

While the solution is used across many industries, the ShinyHunters campaign exploiting CVE-2026-35273 appears to have focused on the education sector. The University of Nottingham in the UK is the first confirmed victim.

Mandiant and Google Threat Intelligence Group (GTIG) reported observing activity associated with the exploitation of the...

Copyright of this story solely belongs to securityweek.com. To see the full text click HERE

Read more

https://assets.bwbx.io/images/users/iqjWHBFdfxIU/imZqKnFL0nLU/v0/1200x800.jpg

Australia-based Firmus partners with Nvidia to build its first data center in Batam, Indonesia; the 360 MW Nvidia DSX AI factory campus is developed with DayOne

Sponsor Posts Fast, affordable law for startups — Soxton automates startup legal so founders can move faster and sleep better. We handle incorporation, advisor, employment and commercial contracts. Join the waitlist for early access! Stop vibe coding analytics — Equals AI turns questions about your business into auditable spreadsheet models and dashboards.