Oracle has discovered a vulnerability in some of its PeopleSoft software that is remotely exploitable without authentication and can result in remote code execution if exploited by hackers, the company said in a Wednesday (June 10) security alert.
The vulnerability (CVE-2026-35273) is in Oracle PeopleSoft PeopleTools and may affect Oracle PeopleSoft Enterprise Applications, according to the security alert.
“We consider implementation of the recommended mitigations to be a high-priority risk reduction measure and strongly recommend immediate action to address the identified exposure,” the security alert said. “Oracle always recommends that customers remain on actively-supported versions and apply all Critical Patch Updates, Critical Security Patch Updates and Security Alerts without delay.”
Mandiant and Google Threat Intelligence Group (GTIG) addressed the exploit in a Thursday (June 11) blog post, saying they identified an active compromise and extortion campaign targeting the Oracle PeopleSoft application infrastructure.
The companies said they notified more than 100 global organizations that could be vulnerable to this exploit and found that most were in the United States and 68% were within the higher education sector.
They also said they found data leaks of stolen organization data published on a hacking group’s site on Tuesday (June 9).
Advertisement: Scroll to Continue
Mandiant and GTIG also shared in their blog post a post from the hacking group’s website in which the group claimed to have stolen billing and payment records, credit card and payment details, student finance data and other sensitive data.
TechCrunch reported Thursday that the hacking group claimed to have breached more than 100 organizations that use PeopleSoft servers.
These reports follow several other recent data breaches and other cyberattacks.
Toymaker Hasbro reported in April that it had uncovered a breach, had taken some of its systems offline, and believed it could take weeks to resolve the cyberattack.
It was reported in February that 12.4 million records of customer data were stolen from car shopping site CarGurus and posted by a hacking group.
In October 2025, it was reported that a hacking group claimed to have stolen 1 billion records from cloud databases hosted by Salesforce and was attempting to extort Salesforce and the companies to which that data belonged.
Oracle Urges Immediate Software Patches as Hackers Breach PeopleSoft Servers | PYMNTS.com Top World News Today.
Hence then, the article about oracle urges immediate software patches as hackers breach peoplesoft servers pymnts com was published today ( ) and is available on TOP world News today ( Middle East ) The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow the updates of this news or article from its original source.
Read More Details
Finally We wish PressBee provided you with enough information of ( Oracle Urges Immediate Software Patches as Hackers Breach PeopleSoft Servers .. PYMNTS.com )
Also on site :