Oracle PeopleSoft broad zero-day exploitation campaign
Exploitation Wave
Summary
Hide ▲
Show ▼
A broad PeopleSoft zero-day exploitation campaign exposed multiple organizations to compromise after attackers abused a previously unknown Oracle PeopleSoft vulnerability. The wave widened risk for organizations running the platform, including internal reporting environments. NAIC tied its own breach to the same campaign after an unauthorized actor reached part of its PeopleSoft environment.
Related Happenings
US National Association of Insurance Commissioners (NAIC) hit by network compromise
Incident
H score21
First: 29.06.2026 13:00
Last: 29.06.2026 13:00
Sources 1
How related:
The US National Association of Insurance Commissioners (NAIC) has suffered a security breach that has exposed US citizens’ credit rating data.
About this happening:
**NAIC** disclosed a **security breach** that exposed **US citizens’ credit rating data** and briefly disrupted operations tied to **Oracle PeopleSoft**. The breach was detected o...
US National Association of Insurance Commissioners (NAIC) hit by network compromise
IncidentHow related: The US National Association of Insurance Commissioners (NAIC) has suffered a security breach that has exposed US citizens’ credit rating data.
About this happening: **NAIC** disclosed a **security breach** that exposed **US citizens’ credit rating data** and briefly disrupted operations tied to **Oracle PeopleSoft**. The breach was detected o...
Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)
Vulnerability
H score58
First: 11.06.2026 22:39
Last: 11.06.2026 22:39
Sources 1
How related:
an unauthorized actor gained access to “a portion” of its environment through the exploitation of a zero-day vulnerability in Oracle PeopleSoft, which NAIC uses for internal financial reporting purposes.
About this happening:
**Oracle PeopleSoft PeopleTools** **CVE-2026-35273** is a critical **zero-day RCE** affecting **versions 8.61 and 8.62**. Oracle has released **emergency mitigations** while a pat...
Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)
VulnerabilityHow related: an unauthorized actor gained access to “a portion” of its environment through the exploitation of a zero-day vulnerability in Oracle PeopleSoft, which NAIC uses for internal financial reporting purposes.
About this happening: **Oracle PeopleSoft PeopleTools** **CVE-2026-35273** is a critical **zero-day RCE** affecting **versions 8.61 and 8.62**. Oracle has released **emergency mitigations** while a pat...
University of Nottingham hit by cyberattack
Incident
H score68
First: 11.06.2026 10:27
Last: 11.06.2026 10:27
Sources 1
About this happening:
**ShinyHunters**/**UNC6240** exploited **CVE-2026-35273**, a **zero-day** in **Oracle PeopleSoft Enterprise PeopleTools**, between **May 27 and June 9** to breach enterprise syste...
University of Nottingham hit by cyberattack
IncidentAbout this happening: **ShinyHunters**/**UNC6240** exploited **CVE-2026-35273**, a **zero-day** in **Oracle PeopleSoft Enterprise PeopleTools**, between **May 27 and June 9** to breach enterprise syste...
Nottingham University data publication on ShinyHunters leak site
Data Leak
H score68
First: 10.06.2026 21:31
Last: 10.06.2026 21:31
Sources 1
About this happening:
**Nottingham University** data was published on the **ShinyHunters** leak site after the group claimed access to the university’s **student records system**. The exposed material...
Nottingham University data publication on ShinyHunters leak site
Data LeakAbout this happening: **Nottingham University** data was published on the **ShinyHunters** leak site after the group claimed access to the university’s **student records system**. The exposed material...
ShinyHunters Oracle PeopleSoft data theft and extortion campaign
Campaign
H score60
First: 10.06.2026 21:31
Last: 10.06.2026 21:31
Sources 1
About this happening:
**ShinyHunters**/**UNC6240** exploited **CVE-2026-35273**, a **zero-day** in **Oracle PeopleSoft Enterprise PeopleTools**, between **May 27 and June 9** to break into enterprise s...
ShinyHunters Oracle PeopleSoft data theft and extortion campaign
CampaignAbout this happening: **ShinyHunters**/**UNC6240** exploited **CVE-2026-35273**, a **zero-day** in **Oracle PeopleSoft Enterprise PeopleTools**, between **May 27 and June 9** to break into enterprise s...
Latest development: 11.06.2026 23:29
Google's Mandiant says the UNC6240 cluster used CVE-2026-35273, a PeopleSoft Enterprise PeopleTools zero-day, to break into Oracle PeopleSoft systems and steal data between May 27 and June 9. Oracle did not publish its advisory until June 10, so the flaw remained unpatched throughout the activity window.
Timeline
-
29.06.2026 13:00 1 articles · 1h ago
Unauthorized actor exploits Oracle PeopleSoft zero-day against NAIC
Exploitation ObservedThe US National Association of Insurance Commissioners detected a breach in which an unauthorized actor gained access to a portion of its Oracle PeopleSoft environment by exploiting a zero-day vulnerability used for internal financial reporting purposes.
Show sources
- US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw — www.infosecurity-magazine.com — 29.06.2026 13:00
-
29.06.2026 13:00 2 articles · 1h ago
NAIC publicly discloses a breach exposing credit rating data
Initial DisclosureThe US National Association of Insurance Commissioners disclosed the breach to the public, saying the incident exposed US citizens’ credit rating data and that the event had been detected earlier in June.
Show sources
- US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw — www.infosecurity-magazine.com — 29.06.2026 13:00
- US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw — www.infosecurity-magazine.com — 29.06.2026 13:00
-
29.06.2026 13:00 1 articles · 1h ago
NAIC restores most operations after PeopleSoft breach, with online invoice payments still unavailable
Mitigation Patch UpdateNAIC said it promptly contained the breach, blocked the attacker’s access, engaged outside counsel and cybersecurity experts, coordinated with the FBI, and returned most operations to normal while online invoice payment via PeopleSoft remained unavailable.
Show sources
- US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw — www.infosecurity-magazine.com — 29.06.2026 13:00