Oracle PeopleSoft zero-day hits over 100 organizations (opens in new tab)

Google’s Mandiant and Google Threat Intelligence Group linked a campaign by ShinyHunters to exploitation of CVE-2026-35273, a critical vulnerability in Oracle PeopleSoft PeopleTools that affected versions 8.61 and 8.62 and could allow unauthenticated remote code execution. Google said it observed activity consistent with exploitation between May 27 and June 9 and notified more than 100 global organizations with potentially vulnerable endpoints, most of them in the United States and 68% in hig...