Oracle addresses a PeopleSoft vulnerability identified as CVE-2026-35273 after reports that attackers are using it to compromise organizations. Multiple outlets report that the flaw enables unauthenticated remote code execution over the internet, allowing intrusion without requiring login. Bleeping Computer and The Next Web state that the vulnerability is actively exploited in attacks associated with ShinyHunters, including alleged data theft and breaches affecting more than 100 organizations. SecurityWeek and the other reports note that Oracle has released a patch for CVE-2026-35273, but Oracle’s public communications do not clearly confirm whether the exploited activity constitutes a specific “zero-day” at the time of disclosure. The Next Web also reports that Oracle’s advisory describes the vulnerability as critical and cites a very high CVSS score. Across sources, the common theme is that organizations using PeopleSoft are being warned to remediate promptly and that exploitation in the wild has been reported. Oracle’s exact position on whether the incident is definitively a zero-day is presented differently in the coverage, but the vulnerability’s severity and remote, unauthenticated exploitability are consistent.
Oracle patches CVE-2026-35273 PeopleSoft flaw amid reports of ShinyHunters exploitation
Oracle addresses a PeopleSoft vulnerability identified as CVE-2026-35273 after reports that attackers are using it to compromise organizations. Multiple outlets report that the flaw enables unauthenti...
- CVE-2026-35273 affects Oracle PeopleSoft and is described as allowing unauthenticated remote code execution.
- Reports link exploitation to ShinyHunters activity, including claims of data theft and breaches of 100+ organizations.
- Oracle releases a patch for CVE-2026-35273, and multiple outlets advise prompt remediation.
- Oracle’s public advisory does not clearly confirm whether the attacks involve an unpatched zero-day at the time of exploitation.
- Outlets describe the vulnerability as critical, with The Next Web citing a CVSS score of 9.8.
Oracle warned customers on Thursday of a critical vulnerability in its PeopleSoft software that hackers have already exploited to breach more than 100 organisations. The flaw, CVE-2026-35273, carries a CVSS score of 9.8 and can be exploited over the internet without any authentication. Oracle has not released a patch. The advisory came a day after […] This story continues at The Next Web
3 hours agoOracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. [...]
4 hours agoOracle has released a patch for CVE-2026-35273, but it has not said whether it’s a zero-day exploited in ShinyHunters attacks. The post Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks appeared first on SecurityWeek.
10 hours ago
Julián Quiñones scores first goal of the 2026 World Cup for Mexico
Julián Quiñones scores the first goal of the 2026 FIFA World Cup for Mexico in the match against South Africa. NBC News...
MCG chief inspects waterlogging hotspots and orders drainage work before monsoon
The chief of the Municipal Corporation of Gurgaon (MCG) inspects areas identified as waterlogging hotspots and directs o...
Canada Post to convert 485,000 more addresses to community mailboxes in 2027
Canada Post is expanding its ongoing transition from door-to-door delivery to community mailboxes. According to multiple...