PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data

ShinyHunters exploited a critical PeopleSoft vulnerability, CVE-2026-35273, rated 9.8 severity, targeting 100 organizations. The group extorted victims after stealing gigabytes of data. The University of Nottingham confirmed a breach exposing student data. Oracle issued a stopgap mitigation but has not fully patched the flaw.