Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks
Summary
Oracle has issued a patch for a vulnerability identified as CVE-2026-35273 affecting its PeopleSoft software. This action comes in response to reports suggesting that the vulnerability may have been exploited as a zero-day in attacks attributed to the ShinyHunters threat group.
IFF Assessment
The patching of a vulnerability that was reportedly exploited in the wild indicates a potential threat to organizations using the affected software, making it bad news for defenders.
Severity
Defender Context
Defenders should prioritize patching Oracle PeopleSoft instances with the released update to mitigate the risk of exploitation. Organizations should also monitor for any signs of compromise that may have occurred prior to the patch's deployment, especially if they have been targeted by ShinyHunters or similar threat actors.