Exploitation of a zero-day vulnerability in Oracle PeopleSoft, identified as CVE-2026-35273, has been confirmed by Google, with the ShinyHunters group suspected of being behind the attacks. Although Oracle has released a mitigation for this flaw, the company has not publicly acknowledged its exploitation in the wild. The vulnerability's exploitation status is crucial in determining the urgency of patching, with Google's confirmation suggesting that immediate action may be necessary. Technical details of the vulnerability are limited, but its presence in Oracle PeopleSoft systems poses a significant risk to organizations relying on this software. The fact that a prominent threat actor like ShinyHunters is involved underscores the potential for widespread exploitation1. This confirmation matters to security practitioners because it elevates the priority of applying the available mitigation to prevent potential breaches.
Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters
⚠️ Critical Alert
Why This Matters
CVE-2026-35273 is in active discussion involving Google — exploitation status determines whether this is patch-now or monitor.
References
- SecurityWeek. (2026, June 12). Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters. SecurityWeek. https://www.securityweek.com/google-confirms-exploitation-of-oracle-peoplesoft-zero-day-by-shinyhunters/
Original Source
SecurityWeek
Read original →