CISA flags critical Oracle PeopleSoft flaw exploited by ShinyHunters

Security teams are racing to patch a critical remote code execution flaw in Oracle PeopleSoft that attackers exploited for nearly two weeks before a fix was available. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability, tracked as CVE-2026-35273 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities catalog, signaling active abuse in the wild.
A zero-day window of opportunity
The flaw resides in the Environment Management component of Oracle PeopleSoft’s PeopleTools platform and allows unauthenticated remote code execution without user interaction; only network access to the Environment Management Hub endpoint is required. Attackers linked to the ShinyHunters group exploited it between May 27 and June 9, 2026, before Oracle released its advisory on June 10. During this period, the flaw operated as a zero-day, leaving organizations without official guidance or patches.
Universities in the crosshairs
According to threat intelligence from Mandiant and Google’s Threat Intelligence Group, 68% of the more than 100 compromised organizations were universities and colleges, predominantly in the United States. The attackers deployed custom malware disguised as Microsoft Azure services, leveraging open-source remote management tools like MeshCentral to blend into normal administrative traffic. Their staging infrastructure—exposed by researcher @nahamike01—revealed detailed command logs outlining the full operational timeline, from initial access to post-exploitation actions.
Immediate action required
Oracle has confirmed that PeopleTools versions 8.61 and 8.62 are affected, with earlier unsupported versions likely vulnerable as well. CISA’s addition to the KEV catalog means federal agencies must remediate the flaw by July 1, 2026, under binding operational directives. Security teams should prioritize patching and review Environment Management Hub endpoints for signs of compromise; the attackers’ tactics demonstrate how quickly opportunistic groups can weaponize high-severity flaws.
Source: Security Affairs. AI-assisted editorial synthesis — TechnoExpress.

