Published Thursday, June 11, 2026 at 03:54 PM PT

BREAKING: Oracle PeopleSoft Zero-Day Exploited in Active Data Theft Campaign

BLUF: Oracle has mitigated a zero-day vulnerability in PeopleSoft that threat actors actively exploited to steal data. Organizations running PeopleSoft should apply Oracle’s mitigation immediately and audit systems for signs of unauthorized data access.

DETAILS

  • Oracle has confirmed a zero-day vulnerability in PeopleSoft was exploited in the wild prior to mitigation, resulting in confirmed data theft incidents.
  • Oracle has issued a mitigation — note: it is not confirmed at this time whether a full patch is available or whether the mitigation is a workaround only; organizations should verify patch status directly with Oracle support.
  • The vulnerability was exploited before Oracle could issue a fix, classifying this as a true zero-day exploitation event.
  • Specific technical details of the vulnerability (CVE assignment, attack vector, authentication requirements) are not confirmed in available reporting at this time.
  • Threat actor identity, campaign scope, and volume of affected organizations are currently unknown.

IMPACT

  • Directly affected: Organizations running Oracle PeopleSoft — commonly deployed in higher education, government, and large enterprise environments for HR, finance, and student information systems.
  • Data at risk: PeopleSoft environments typically contain sensitive HR records, payroll data, financial data, and personally identifiable information (PII) — high-value targets for data theft and extortion.
  • Scope: Unknown at this time. Active exploitation confirmed; breadth of victim organizations has not been publicly disclosed.
  1. Apply Oracle’s mitigation immediately. Access Oracle Support (My Oracle Support) for the specific mitigation guidance relevant to your PeopleSoft version.
  2. Audit access logs on PeopleSoft systems for anomalous queries, bulk data exports, or unauthorized API calls — particularly in the period prior to mitigation deployment.
  3. Restrict external-facing PeopleSoft access where operationally feasible until a full patch is confirmed available and applied.
  4. Engage your incident response process if any indicators of compromise are identified; assume data exfiltration may have occurred if systems were internet-accessible during the exploitation window.
  5. Monitor Oracle’s security advisories for CVE assignment and additional technical indicators.

SOURCES

  • BleepingComputer — Oracle mitigates PeopleSoft zero-day exploited in data theft attacks

⚠️ UNCERTAINTY FLAG: Technical specifics including CVE identifiers, affected version ranges, attack vectors, and threat actor attribution are unconfirmed in available reporting. This alert will require update as Oracle releases formal advisory documentation.