Oracle issues urgent patch for PeopleSoft CVE-2026-35273 flaw

ORACLE has issued an out-of-band advisory for a critical vulnerability in its PeopleSoft software, allowing unauthenticated remote code execution. The vulnerability, tracked as CVE-2026-35273, affects PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62, with reports indicating that the ShinyHunters hacker group is exploiting this flaw to target organizations. Although Oracle did not confirm any active exploits, they emphasize immediate action on their recommended mitigations as a high priority. Confirmed targets include the University of Nottingham, which experienced a significant data breach following these attacks.