Oracle Issues Security Warning After ShinyHunters Exploits Critical Zero-Day Flaw in PeopleSoft Software To Breach 100+ Organisations

Oracle has confirmed a critical zero-day vulnerability (CVE-2026-35273) in PeopleSoft software, currently being exploited by the ShinyHunters hacking group. The campaign has breached over 100 organisations, mostly universities, exposing sensitive student and staff data. Oracle has advised immediate network isolation and endpoint monitoring, as an official software patch remains under development by the company.