Scoopfeeds — Intelligent news, curated.
PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data
computer-science

PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data

Ars Technica · Jun 12, 2026, 7:26 PM

One of the world’s most active ransomware groups exploited a critical vulnerability in Oracle’s People Soft software suite and used it to target about 100 customers and extort at least one of them to pay up in exchange for not leaking stolen data, researchers said. The group, tracked as Shiny Hunters, had been exploiting the People Soft vulnerability for more than two weeks before Oracle flagged it. CVE-2026-35273, as the vulnerability is tracked, carries a severity rating of 9.8 out of 10, making the former zero-day one of the year’s most critical vulnerabilities to be exploited. Google’s Mandiant security team said it’s an SSRF (server-side request forgery), a vulnerability that allows attackers to send requests from a susceptible server to systems used by the targeted organization. Oracle said the SSRF is remotely exploitable, and the company has issued a stopgap mitigation but has yet to fully patch the flaw. Google has confirmed that victims are receiving extortion demands.Read full article Comments

Article preview — originally published by Ars Technica. Full story at the source.
Read full story on Ars Technica → More top stories

More in computer-science

TechCrunch
SpaceX IPO closes up 19% and delivers the world’s first trillionaire
Hacker News
Swift at Apple: Migrating the TrueType Hinting Interpreter
Hacker News
Kagi Magic
TechCrunch
SpaceX president Gwynne Shotwell just gave another hint at a Tesla merger
Ars Technica
Controversial FISA spying law expires tonight. The spying will continue.
Aggregated and edited by the Scoop newsroom. We surface news from Ars Technica alongside other reporting so you can compare coverage in one place. Editorial policy · Corrections · About Scoop