By Lorenzo Franceschi-Bicchierai
Publication Date: 2026-06-11 20:27:00
Oracle warned its enterprise customers that there is a critical-rated vulnerability in its PeopleSoft software, used by large companies to manage payroll and human resources, a day after a cybercrime group was blamed for exploiting the vulnerability as part of a mass hacking campaign.
The company has published the safety advisory on Thursday after the hacker group ShinyHunters claimed to have attacked more than 100 organizations use the PeopleSoft servers.
Mandiant, the Google-owned security unit that investigates cyberattacks, warned in a blog post that the new Oracle flaw is the same flaw that the ShinyHunters group is exploiting in its hacking campaign against PeopleSoft customers.
Oracle, which has not yet released a patch for the vulnerability at the time of writing, said in the advisory that the flaw can be exploited over the Internet without requiring authentication, such as a password.
The tech giant recommended that customers using PeopleSoft software…
