← Back to news

Oracle PeopleSoft servers under attack, Oracle pushes out-of-band security alert

Help Net Security11/06/2026, 12:41
Read full article →

Summary

AI-Generated

Key Points:

  • A zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being actively exploited, allowing remote code execution without authentication.
  • The vulnerability affects versions 8.61 and 8.62, with reports of breaches affecting over 100 organizations, primarily educational institutions, including the University of Nottingham.
  • Immediate actions include applying patches once available and monitoring for indicators of compromise related to ShinyHunters' ongoing attacks.

Technical Details: CVE-2026-35273 is a critical vulnerability that enables attackers to execute arbitrary code remotely on vulnerable PeopleSoft servers. The exploitation is reported to involve a combination of old and zero-day vulnerabilities.

MITRE ATT&CK Techniques:

  • T1203 - Exploitation for Client Execution (Execution)
  • T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
  • T1003.001 - OS Credential Dumping: LSASS Memory (Credential Access)

IOCs Mentioned:

  • List of IPs and domains related to the attacks (specific details not provided in the article).

Join the discussion — sign up to comment, upvote, and save articles.

Discussion

or to comment
Loading...

Loading comments...

Join 5,000+ security professionals

Get access to curated threat intel, upvote articles, join discussions, and build your karma in the SOC community.