Oracle PeopleSoft Vulnerability Exploited by ShinyHunters

💡Critical enterprise software breach; essential for security-conscious AI engineers managing sensitive data infrastructur
⚡ 30-Second TL;DR
What Changed
Critical security vulnerability identified in Oracle PeopleSoft software.
Why It Matters
Large-scale breaches of HR and payroll systems pose significant data privacy risks and may trigger stricter enterprise security compliance requirements.
What To Do Next
If your organization uses PeopleSoft, immediately audit server logs for unauthorized access and apply the latest security patches from Oracle.
Key Points
- •Critical security vulnerability identified in Oracle PeopleSoft software.
- •ShinyHunters group claims to have breached over 100 organizations.
- •The vulnerability affects systems managing payroll and human resources.
🧠 Deep Insight
Web-grounded analysis with 15 cited sources.
🔑 Enhanced Key Takeaways
- •The vulnerability, identified as CVE-2026-35273, is a critical remote code execution (RCE) flaw in PeopleSoft Enterprise PeopleTools, rated 9.8 out of 10 on the CVSS scale, and affects versions 8.61 and 8.62.
- •ShinyHunters exploited this vulnerability as a zero-day between May 27 and June 9, 2026, before Oracle issued its security advisory on June 10, 2026.
- •The attacks specifically targeted the Environment Management Hub (PSEMHUB) component within PeopleSoft's Updates Environment Management, requiring no authentication or user interaction for exploitation.
- •The campaign predominantly impacted the higher education sector, with 68% of the over 100 compromised organizations being universities, primarily in the United States.
- •ShinyHunters utilized a 'gadget chain' combining older vulnerabilities with the zero-day, and post-compromise tactics included deploying custom MeshCentral remote-management agents and a lateral-movement script that sprayed hardcoded credentials via SSH.
📊 Competitor Analysis▸ Show
| Feature/Category | Oracle PeopleSoft | Workday HCM | SAP SuccessFactors HCM | Dayforce |
|---|---|---|---|---|
| Primary Focus | Comprehensive ERP (HR, Finance, SCM, Campus Solutions) | Cloud-based HCM & Financial Management | Human Experience Management (HXM) | HCM (Payroll, Time & Attendance, Talent) |
| Deployment | On-premises or Private Cloud (Cloud-hosted options available) | Cloud-based | Cloud-based | Cloud-based |
| Key Capabilities (HCM) | Employee lifecycle, organizational management, HR ticketing, payroll processing, talent management, benefits, tax management | Time & absence, compensation, learning, workforce planning, core HR | Employee lifecycle, organizational management, HR ticketing, payroll processing | Payroll processing, time & attendance, talent management, benefits, tax management |
| Market Share (HCM) | Significant, but specific share not provided in results | 23.06% | 10.73% (as SAP HCM) | Highly rated, but specific share not provided in results |
| User Feedback (G2/Gartner) | Users compare alternatives based on reliability and ease of use | Comprehensive, ease of use, intuitive interface | Helpful and comprehensive features | Highly rated for helpful and comprehensive features |
🛠️ Technical Deep Dive
- Architecture: Oracle PeopleSoft operates on a three-tier architecture known as the PeopleSoft Pure Internet Architecture (PIA), comprising a web tier (browser clients, web server running PeopleSoft web applications, typically on Oracle WebLogic or IBM WebSphere), an application server tier (PeopleSoft business logic on Oracle Tuxedo), and a database tier (relational database like Oracle Database or SQL Server).
- Vulnerability (CVE-2026-35273): This is a critical remote code execution (RCE) vulnerability in PeopleSoft Enterprise PeopleTools, affecting versions 8.61 and 8.62.
- Exploitation Vector: The flaw resides in the Updates Environment Management component, specifically targeting the Environment Management Hub (PSEMHUB), and is remotely exploitable over HTTP without authentication or user interaction.
- CVSS Score: The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10, indicating high severity and low exploitation complexity.
- Attacker Tools & Methods: ShinyHunters deployed customized MeshCentral remote-management agents, disguised as Microsoft Azure binaries, and a lateral-movement script (
[victim]_fanout.sh). This script spreads over SSH by spraying hardcoded usernames and passwords against internal hosts. - Data Exfiltration: The attackers used
zstdfor data compression and established outbound SSH connections to their leak site for exfiltration.
🔮 Future ImplicationsAI analysis grounded in cited sources
⏳ Timeline
📎 Sources (15)
Factual claims are grounded in the sources below. Forward-looking analysis is AI-generated interpretation.
Weekly AI Recap
Read this week's curated digest of top AI events →
👉Related Updates
Same topic
Explore #cybersecurity
Same product
More on peoplesoft
Same source
Latest from cnBeta (Full RSS)

Negotiator colludes with hackers to extort $75M

Slopsquatting: The New AI-Driven Software Supply Chain Threat

Apple vs OpenAI: Talent Poaching and Legal Tensions

Avi Loeb to lead White House UAP advisory committee
AI-curated news aggregator. All content rights belong to original publishers.
Original source: cnBeta (Full RSS) ↗