What's Happening?
Oracle has released an urgent advisory addressing a critical vulnerability in its PeopleSoft software, identified as CVE-2026-35273. This vulnerability allows unauthenticated attackers to execute remote code, posing significant risks to organizations
using PeopleSoft for enterprise resource planning. The advisory follows reports of the ShinyHunters hacker group targeting over 100 organizations using PeopleSoft, exploiting both old and zero-day vulnerabilities to access sensitive data. Oracle has provided mitigations but not a full patch, urging immediate implementation to reduce risk. The education sector, including the University of Nottingham, has been notably affected, with confirmed data breaches.
Why It's Important?
The vulnerability in PeopleSoft, a widely used ERP software, highlights the ongoing threat of cyberattacks on critical business systems. Organizations relying on PeopleSoft for managing HR, payroll, and other essential functions face potential data breaches and operational disruptions. The involvement of ShinyHunters, known for previous high-profile data thefts, underscores the sophistication and persistence of cybercriminals targeting enterprise software. This situation emphasizes the need for robust cybersecurity measures and timely updates to protect sensitive information and maintain business continuity.
What's Next?
Organizations using PeopleSoft are expected to implement Oracle's recommended mitigations promptly to safeguard against potential exploitation. The cybersecurity community will likely monitor for further developments and potential patches from Oracle. Affected sectors, particularly education, may need to reassess their security protocols and incident response strategies. Stakeholders, including IT departments and security firms, will continue to evaluate the broader implications of such vulnerabilities on enterprise software security.
