Summary
Key Points:
- A zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being actively exploited, allowing remote code execution without authentication.
- The vulnerability affects versions 8.61 and 8.62, with reports of breaches affecting over 100 organizations, primarily educational institutions, including the University of Nottingham.
- Immediate actions include applying patches once available and monitoring for indicators of compromise related to ShinyHunters' ongoing attacks.
Technical Details: CVE-2026-35273 is a critical vulnerability that enables attackers to execute arbitrary code remotely on vulnerable PeopleSoft servers. The exploitation is reported to involve a combination of old and zero-day vulnerabilities.
MITRE ATT&CK Techniques:
- T1203 - Exploitation for Client Execution (Execution)
- T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
- T1003.001 - OS Credential Dumping: LSASS Memory (Credential Access)
IOCs Mentioned:
- List of IPs and domains related to the attacks (specific details not provided in the article).