compliance · BleepingComputer
Oracle disclosed a critical zero-day vulnerability (CVE-2026-35273) in PeopleSoft PeopleTools versions 8.61 and 8.62 that allows unauthenticated remote code execution with a CVSS score of 9.8. The flaw has been actively exploited by the ShinyHunters extortion gang to breach PeopleSoft instances and steal data. According to ShinyHunters, attackers exploited a "gadget chain" of old and zero-day flaws to compromise approximately 300 instances across over 100 organizations. Mandiant confirmed the vulnerability was exploited as a zero-day, with 68 percent of targeted organizations operating in the higher education sector. Oracle released emergency mitigations and indicated a patch is forthcoming.
Organizations running PeopleSoft—particularly those in higher education, healthcare, and other regulated sectors—should treat this as an immediate priority. Defense contractors and SaaS providers using PeopleSoft for HR or financial data face particular risk given the sensitivity of exfiltrated records and potential compliance implications under CMMC, SOC 2, and HIPAA. Mandiant's guidance recommends restricting access to vulnerable endpoints, reviewing logs for suspicious requests to /PSEMHUB/ and /PSIGW/HttpListeningConnector paths, and inspecting for webshells or persistence mechanisms. An Omniware engagement can scope incident response readiness, log analysis procedures, and patching prioritization for your specific environment.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/oracle-mitigates-peoplesoft-zero-day-exploited-in-data-theft-attacks/
Source: BleepingComputer
All briefings