PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data
Summary
A hacking group called ShinyHunters exploited a serious security flaw in Oracle's PeopleSoft software to steal large amounts of data from about 100 organizations. Oracle issued a temporary fix, but the vulnerability remains unpatched, and the hackers have demanded money to avoid leaking stolen data.
Key Facts
- The vulnerability is known as CVE-2026-35273 and has a severity score of 9.8 out of 10.
- ShinyHunters exploited the flaw for more than two weeks before Oracle alerted users.
- About 68% of the affected organizations are in higher education, including the University of Nottingham.
- The hacking group stole up to 48 gigabytes of data from a single victim.
- The flaw is a server-side request forgery (SSRF), letting hackers send unauthorized requests from compromised servers.
- Oracle provided a temporary solution but has not yet fully fixed the security problem.
- ShinyHunters has been active since at least 2019 and has targeted major companies worldwide.
- Security firms Mandiant and Rapid7 are advising PeopleSoft users on how to protect their systems.
This is a fact-based summary from The Actual News.