Oracle PeopleSoft Zero-Day RCE Vulnerability Exploited by ShinyHunters

Jun 12, 2026 8:02 AM

Tags: cve, cvss, cyber, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, vulnerability, zero-day

A newly disclosed zero-day vulnerability in Oracle PeopleSoft is being actively exploited by the ShinyHunters threat group, according to a joint investigation by Mandiant and Google Threat Intelligence Group (GTIG). Tracked as CVE-2026-35273 with a critical CVSS score of 9.8, the flaw affects the Environment Management component and enables unauthenticated remote code execution. Researchers confirmed […] The post Oracle PeopleSoft Zero-Day RCE Vulnerability Exploited by ShinyHunters appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

First seen on gbhackers.com

Jump to article: gbhackers.com/oracle-peoplesoft-zero-day-rce-vulnerability/

also interesting:

Ivanti warns critical RCE flaw in Connect Secure exploited as zero-day
The 2024 cyberwar playbook: Tricks used by nation-state actors
CVE-2025-61882: Frequently Asked Questions About Oracle E-Business Suite (EBS) Zero-Day and Associated Vulnerabilities
CVE-2025-61882: Frequently Asked Questions About Oracle E-Business Suite (EBS) Zero-Day and Associated Vulnerabilities

Collecting Cyber-News from over 60 sources

X
LinkedIn
RSS Feed
Mail

Here I provide a database that gathers and curates the latest news on Cybersecurity. Being well-informed is the key to successfully respond on security threats.

Imprint | Privacy Policy | Contact