GOOGLE confirmed that a zero-day vulnerability in Oracle's PeopleSoft, identified as CVE-2026-35273 and affecting PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62, has been exploited by a hacking group known as ShinyHunters. This vulnerability allows unauthenticated remote code execution, and while Oracle has issued mitigations, no patches are currently available. ShinyHunters has focused its attacks on the education sector, with the University of Nottingham being the first confirmed victim.
Google notified over 100 organizations of their potential exposure, primarily in the U.S. Among the exploited systems, some were successfully blocked, but others suffered data breaches. Google provided recommendations for mitigation and shared indicators of compromise. Trend Micro noted limited exploitation of this vulnerability but is continuing its investigations.