🛡️ BREAKING ALERT — ORACLE PEOPLESOFT ZERO-DAY ACTIVELY EXPLOITED BY SHINY HUNTERS | CVE-2026-35273
Published Friday, June 12, 2026 at 03:57 AM PT BLUF: Google has confirmed active in-the-wild exploitation of a zero-day vulnerability in Oracle PeopleSoft (CVE-2026-35273) by threat actor ShinyHunters. Oracle has mitigated the flaw but has not publicly confirmed exploitation. Organizations running PeopleSoft should treat this as an emergency patching priority. DETAILS CVE-2026-35273 affects Oracle PeopleSoft; specific technical details of the vulnerability class (e.g., RCE, authentication bypass) have not been publicly confirmed at this time. Google — attribution source not yet specified (Threat Intelligence, Mandiant, or Project Zero — unconfirmed which team) — has confirmed the vulnerability was exploited in the wild prior to patching. ShinyHunters is the attributed threat actor. The group has a documented history of large-scale data theft and extortion operations, including credential harvesting and database exfiltration. Oracle has deployed a mitigation for CVE-2026-35273 but has not issued a public advisory confirming exploitation as of this alert. The gap between vendor and third-party confirmation is notable and should be monitored. Patch availability status beyond Oracle’s mitigation action is not yet confirmed — it is unclear whether a full patch is available or if workarounds are the current remediation path. IMPACT Directly affected: Organizations running Oracle PeopleSoft — commonly deployed in higher education, government, and large enterprise environments for HR, finance, and student administration. Scope: Potentially broad. PeopleSoft deployments frequently contain sensitive PII, payroll, financial, and HR data — consistent with ShinyHunters’ historical targeting profile. Data exfiltration risk is elevated given ShinyHunters’ operational pattern of bulk data theft for sale or extortion. RECOMMENDED ACTIONS Apply Oracle’s mitigation immediately. Do not wait for a full patch release. Contact Oracle support for guidance specific to your deployment version. Audit PeopleSoft access logs for anomalous authentication attempts, unusual API calls, or unexpected data exports — particularly over the past 30–60 days. Restrict external-facing PeopleSoft access where operationally feasible pending full remediation. Monitor Oracle’s security advisory portal for a formal CVE disclosure and patch release. Brief incident response teams now. If ShinyHunters has already accessed your environment, early detection is critical to limiting exfiltration scope. SOURCES SecurityWeek — “Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters” Oracle mitigation action: confirmed via SecurityWeek reporting; no independent Oracle advisory confirmed at time of publication. ⚠️ UNCERTAINTY FLAG: Oracle has not publicly confirmed exploitation. Vulnerability technical class, affected version range, and Google attribution team are unconfirmed. This alert will require update as details emerge. ...