Oracle warns of critical PeopleSoft attacks by ShinyHunters

ShinyHunters exploited CVE-2026-35273, a critical remote code execution vulnerability in Oracle PeopleSoft versions 8.61 and 8.62, compromising over 100 organizations and exfiltrating data from 300 instances. Oracle urged immediate patching. Google's Mandiant alerted over 100 organizations, with 68% being higher education institutions.