oracle Discovered a security vulnerability in some of… PeopleSoft The software can be exploited remotely without authentication and can lead to remote code execution if exploited by hackers, the company said on Wednesday (June 10). Security alert.
The vulnerability (CVE-2026-35273) exists in Oracle PeopleSoft PeopleTools and may affect Oracle PeopleSoft Enterprise applications, according to the security alert.
“We consider implementing the recommended mitigation measures a high priority risk reduction measure and strongly recommend immediate action to address the identified exposure,” the security advisory said. “Oracle always recommends that customers continue to use actively supported releases and apply all critical patch updates, critical security patch updates, and security alerts without delay.”
Mandiant and Google Threat Intelligence Group (GTIG) addressed the exploit on Thursday (June 11). Blog postSaying they have identified an active compromise and extortion campaign targeting Oracle PeopleSoft infrastructure.
The companies said they notified more than 100 global organizations that may be vulnerable to this exploitation, and found that most of them were in the United States and that 68% of them were within the higher education sector.
They also said they found data leaks of the organization’s stolen data posted on the hacking group’s website on Tuesday (June 9).
Advertisement: Scroll to continue
Mandiant and GTIG also shared in their blog post a post from the hacking group’s website in which the group claimed to have stolen billing and payment records, credit card and payment details, student finance data, and other sensitive data.
TechCrunch I mentioned Thursday that the hacking group claimed to have hacked more than 100 organizations using PeopleSoft servers.
These reports follow several recent data breaches and other cyberattacks.
Playmaker Hasbro It reported in April that it had discovered a breach, taken some of its systems offline, and believed it could take weeks to resolve the issue. Cyber attack.
In February, it was reported that 12.4 million customer data records were stolen from the car shopping site CarGurus And published by A Hacking group.
In October 2025, it was reported that A.J Hacking group He claimed to have stolen a billion records from cloud-hosted databases Sales force He was trying to blackmail Salesforce and the companies to which that data belonged.
