Oracle mitigates PeopleSoft zero-day exploited in data theft attacks
Summary
Oracle has issued a warning about a critical zero-day vulnerability in PeopleSoft Suite, identified as CVE-2026-35273. This flaw enables unauthenticated remote code execution and is actively being exploited by the ShinyHunter threat actor for data theft attacks.
IFF Assessment
The article details a critical zero-day vulnerability being actively exploited for data theft, which poses a significant risk to organizations using Oracle PeopleSoft.
Severity
This CVSS score is estimated as high due to the critical nature of unauthenticated remote code execution, which allows an attacker to take full control of a vulnerable system without any prior authentication, leading to significant data compromise and operational disruption.
Defender Context
Defenders should prioritize patching or mitigating this critical Oracle PeopleSoft zero-day vulnerability (CVE-2026-35273) immediately, as it is already under active exploitation for data theft. Organizations should also enhance monitoring for suspicious activity related to PeopleSoft applications and investigate any potential indicators of compromise associated with the ShinyHunter threat actor.