PeopleSoft Vulnerability Exploited, Data Stolen
One of the world’s most active ransomware groups exploited a critical vulnerability in Oracle’s PeopleSoft software suite and used it to target about 100 customers and extort at least one of them to pay up in exchange for not leaking stolen data, researchers said. The group, tracked as ShinyHunters, had been exploiting the PeopleSoft vulnerability for more than two weeks before Oracle flagged it. CVE-2026-35273, as the vulnerability is tracked, carries a severity rating of 9.
A critical vulnerability in Oracle's PeopleSoft software suite has been exploited by a prominent ransomware group, impacting hundreds of organizations. The group, known as ShinyHunters, targeted approximately 100 customers and has extorted at least one victim by threatening to leak stolen data. Researchers noted that the exploitation occurred for over two weeks before Oracle identified the flaw. The vulnerability, tracked as CVE-2026-35273, has a severity rating of 9.8 out of 10, making it one of the most critical zero-day exploits of the year. Google's Mandiant team identified the issue as a server-side request forgery (SSRF), allowing attackers to initiate requests from a compromised server to other systems within the targeted organization. Oracle has provided a temporary mitigation but has not yet released a full patch for the remotely exploitable vulnerability.
This event is significant as it demonstrates a major security breach affecting numerous organizations through a critical software vulnerability, leading to data theft and extortion.
📌 Source
This summary was automatically compiled from Ars Technica. See the original article for the full story.