Skip to content

Oracle Zero-Day Vulnerability Under Active Exploitation

Carthage Electronics · Story 2 of 6

Oracle has confirmed that CVE-2026-35273, a critical unauthenticated remote code execution vulnerability in PeopleSoft PeopleTools versions 8.61 and 8.62, is being actively exploited by the ShinyHunters data extortion group. This vulnerability allows attackers to execute arbitrary code without authentication on systems with internet-facing PeopleSoft portals. The ShinyHunters group, responsible for major breaches including the 2024 Ticketmaster incident, has been targeting this flaw for rapid data exfiltration. CISA issued Binding Operational Directive 26-04, establishing a 3-day patch mandate for critical vulnerabilities affecting internet-facing systems. Organizations running PeopleSoft must patch immediately or restrict internet access to the portal as a temporary mitigation.

Analysis
Live

This attack represents a critical threat to MENA organizations, especially government agencies, universities, and enterprises using PeopleSoft for HR and finance systems. For Egyptian and Saudi organizations with heavy reliance on enterprise systems, this vulnerability requires immediate attention and patch prioritization, especially as many Middle Eastern organizations grapple with similar zero-day attacks.

Frequently Asked Questions
What systems are most at risk from this vulnerability?

PeopleSoft deployments used by universities, hospitals, government agencies, and enterprises for HR, finance, and student information systems.