The Next Web

ShinyHunters breached 100+ companies through an unpatched Oracle PeopleSoft zero-day

ShinyHunters exploited CVE-2026-35273 (CVSS 9.8) to breach 100+ organisations using Oracle PeopleSoft. Two-thirds are universities. No patch exists yet.
Computer Weekly

Oracle fixes PeopleSoft flaw exploited by ShinyHunters

Oracle has issued an out-of-band patch for a remote code execution (RCE) zero-day vulnerability affecting its PeopleSoft Enterprise PeopleTools product that is being exploited in a rapidly spreading ...