
Oracle Urges Immediate Software Patches as Hackers Breach PeopleSoft Servers
Why It Matters
The exploit demonstrates how unpatched legacy ERP systems can be weaponized for large‑scale data theft and extortion, threatening sensitive financial and student information across the education sector.
Key Takeaways
- CVE-2026-35273 enables unauthenticated remote code execution
- Over 100 organizations, 68% in higher education, notified
- Mandiant and GTIG discovered active extortion campaign
- Oracle urges immediate patching of PeopleSoft PeopleTools
- Stolen data includes billing, credit cards, student finance records
Pulse Analysis
Oracle’s latest security alert flags CVE‑2026‑35273, a critical flaw in the PeopleSoft PeopleTools suite that allows attackers to execute code remotely without any credentials. The vulnerability resides in core middleware components used by PeopleSoft Enterprise Applications, meaning any organization running an unpatched version could be compromised with a single network request. Because PeopleSoft powers finance, HR, and student information systems for thousands of enterprises and universities, the attack surface is vast. Oracle’s recommendation to apply the Critical Patch Update immediately reflects the severity and the potential for rapid lateral movement within networks.
Mandiant and Google Threat Intelligence Group confirmed that the flaw is already being weaponized in a coordinated extortion scheme. More than 100 victims, predominantly U.S. higher‑education institutions, reported unauthorized access and data exfiltration, including billing records, credit‑card details, and student financial information. The attackers posted stolen files on a public leak site, leveraging the breach to pressure organizations into paying ransom. This incident underscores a broader trend where threat actors target legacy ERP platforms, exploiting delayed patch cycles to gain footholds in high‑value environments.
For enterprises, the PeopleSoft breach serves as a stark reminder that timely patch management is no longer optional. Organizations should inventory all PeopleSoft instances, verify they run supported releases, and automate the deployment of Oracle’s Critical Security Patch Updates. Complementary controls such as network segmentation, multi‑factor authentication for administrative access, and continuous threat‑intel monitoring can reduce the window of exposure. As attackers continue to hunt for unpatched legacy systems, a proactive security posture will be essential to protect sensitive financial and student data.