By Joseph Ofonagoro
Publication Date: 2026-06-15 13:12:00
A critical vulnerability in Oracle PeopleSoft is already being exploited, putting more than 100 companies on alert.
Oracle has issued an emergency alert for CVE-2026-35273, a vulnerability affecting PeopleSoft versions 8.61 and 8.62 that could allow unauthenticated remote code execution. According to researchers at Google Threat Intelligence Group and Mandiant, the campaign targeted systems exposed to the internet and used by universities, corporations and other large institutions.
The suspected connection to ShinyHunters raises the stakes. For organizations using PeopleSoft, this is not just a patch issue. It’s a clock that’s already ticking.
Vulnerability breakdown
Researchers at the Google Threat Intelligence Group and Mandiant say the campaign was observed between May 27 and June 9. Because this vulnerability had been actively exploited for days before it was discovered, it is considered a zero-day vulnerability.
The campaign targeted Oracle PeopleSoftan enterprise resource planning…
