Oracle mitigates PeopleSoft zero-day exploited in data theft attacks

Oracle warned of a critical PeopleSoft zero-day, CVE-2026-35273, with a CVSS score of 9.8, enabling unauthenticated remote code execution. The flaw affects PeopleTools versions 8.61 and 8.62 and is actively exploited by the ShinyHunters extortion gang in data theft attacks. Oracle released emergency mitigations and plans a patch.