Oracle Urges Immediate Software Patches as Hackers Breach PeopleSoft Servers

Oracle disclosed a critical PeopleSoft vulnerability (CVE-2026-35273) enabling unauthenticated remote code execution. Mandiant and Google Threat Intelligence Group identified an active extortion campaign targeting PeopleSoft servers, notifying over 100 global organizations. 68% of affected entities were in higher education, with stolen data including billing records and payment details published online.