Oracle has issued a security alert regarding a serious vulnerability in its PeopleSoft software, which could allow hackers to execute remote code without authentication. The flaw, identified as CVE-2026-35273, potentially impacts various Oracle PeopleSoft Enterprise Applications, highlighting a critical need for immediate action from users.
In response to the threat, Oracle has emphasized the importance of applying all necessary updates to mitigate risks. Mandiant and the Google Threat Intelligence Group reported the existence of an ongoing extortion campaign targeting the PeopleSoft infrastructure, notifying over 100 organizations about their potential exposure, predominantly in the United States and particularly affecting the higher education sector.
Recent findings revealed that a hacking group had published stolen data, including sensitive billing and payment records, on their website. This incident is part of a troubling trend, as evidenced by previous breaches involving notable companies such as Hasbro and CarGurus, which have also faced significant data compromises in 2026.