Shared from twixb · securityweek.com

Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters

securityweek.com·Jun 12, 2026

Google confirmed that a zero-day vulnerability in Oracle's PeopleSoft, identified as CVE-2026-35273, has been exploited by the hacking group ShinyHunters to steal data, particularly targeting the education sector. While Oracle has issued mitigations, no patches are currently available, and the University of Nottingham has been identified as a confirmed victim of this breach.

The most actionable insight for you is that the PeopleSoft zero-day vulnerability CVE-2026-35273 has been actively exploited by ShinyHunters, primarily targeting the education sector. It is critical for organizations using PeopleSoft to implement Google's shared remediation and hardening recommendations immediately, as Oracle has not yet released patches. This proactive step could protect against similar exploitation attempts and mitigate the risk of data theft.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

Browse all Cybersecurity News →

Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters

Want more content like this?

More from Cybersecurity News

[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You

Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts

Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

Risky Bulletin: Arch Linux supply chain attack hits 1,900 packages

Upcoming Speaking Engagements