2026-07-03 – Urgent Warning: Critical Oracle PeopleSoft and E-Business Flaws Under Active Exploit

Executive Summary

Vulnerabilities in widely deployed enterprise resource planning (ERP) suites are increasingly being weaponized for large-scale corporate data theft. A critical zero-day vulnerability in Oracle PeopleSoft and E-Business Suite (tracked as CVE-2026-35273) is under active, global exploitation. The extortion group ShinyHunters has been observed exploiting this unauthenticated remote code execution (RCE) flaw to reach corporate databases. A prominent victim, automotive manufacturer Nissan, recently disclosed a major breach of current and former employee records traced to the compromise of an Oracle PeopleSoft system. Organizations running either suite should patch immediately and, until they have, treat any internet-reachable instance as exposed.

Deep-Dive Technical Analysis

Oracle PeopleSoft and E-Business Suite are core enterprise suites used by multinational corporations and government bodies to manage human resources, payroll, supply chain data, and financial transactions.

The mechanics of this campaign show a highly efficient data-theft operation:

* The Vulnerability (CVE-2026-35273): This critical zero-day vulnerability allows unauthenticated, remote attackers to achieve remote code execution (RCE) on the host server. The flaw lies in the web-portal endpoints of the Oracle application server, which fail to properly validate incoming API requests.

* Exploitation and Access: Attackers send crafted payloads to the vulnerable endpoints. Because no authentication is required, a single request is enough to execute arbitrary operating-system commands in the context of the database service account, which is highly privileged; from that point application-layer access controls no longer apply and the attacker can read whatever that account can read.

* Targeted Data Extraction (The Nissan Breach): Once inside, extortion groups such as ShinyHunters go for the central database holding human-resources and employee records. In the Nissan case, the attackers compromised the corporate Oracle PeopleSoft environment and exfiltrated large datasets containing the personal, financial, and employment information of current and former employees.

* Broad Blast Radius: As researchers at Huntress have noted, the Nissan incident shows how a vulnerability in widely deployed enterprise software can rapidly turn into a large-scale, automated data-theft campaign. Attackers do not work through single systems by hand; they script the exploit to scan for and hit hundreds of vulnerable Oracle deployments worldwide, maximizing the haul before patches are applied.

Industry Impact and Recommendations

An ERP suite compromise is close to a worst case for corporate security. Exposure of employee Social Security numbers, bank account details, and home addresses creates litigation risk, regulatory exposure (GDPR, CCPA, and similar regimes), and raw material for targeted corporate espionage and spear-phishing against the workforce.

We advise IT administrators and security teams to implement the following controls now:

1. Apply Oracle's Security Patches Immediately: Update every Oracle PeopleSoft and E-Business Suite deployment with the fix Oracle has released for CVE-2026-35273. Oracle publishes out-of-cycle Security Alerts for actively exploited flaws in addition to the quarterly Critical Patch Update, so check both channels rather than waiting for the next quarterly release, and verify the installed patch level against Oracle's advisory after deployment rather than trusting the change ticket.

2. Isolate ERP Applications: Never expose the PeopleSoft or E-Business Suite web tier, or any administrative console, directly to the public internet. Keep these systems on a restricted corporate network or behind a VPN that enforces multi-factor authentication (MFA) and source-IP allow-listing. Where remote access to employee self-service pages is a business requirement, publish only those specific paths through a reverse proxy and block everything else.

3. Enforce Least Privilege and Column Encryption: Apply the principle of least privilege to the application and database accounts the ERP runs as, and encrypt highly sensitive columns (SSNs, bank details, NRIC numbers) at the database level. Be clear about the limit of this control: if the attacker executes code as the same service account the application uses to decrypt those fields, that account can decrypt them for the attacker too. Column encryption pays off only when the decryption keys are held outside the compromised host (an HSM or external key-management service) and when the service account's access to sensitive tables is narrowed to the rows and columns its workflows actually need.

4. Monitor Database and API Access Logs: Review incoming traffic to Oracle web endpoints for anomalous, high-frequency requests from a single client or for unusual parameters (command separators, path-traversal sequences, encoded control characters). Monitor database audit logs for bulk reads of sensitive tables, in particular unbounded SELECTs or unusually large result sets issued under the administrative service accounts.
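As an added example, not code from the page, from Oracle or from Huntress, the following Python triages a web-tier access log and a set of database audit records for the signals recommended in step 4: request bursts from one client against one endpoint, requests carrying command-injection-style parameters, and dump-sized or unbounded reads of sensitive tables by service accounts. The log lines, the IScript path, the audit-record shape, the table names (PS_PERSONAL_DATA, PS_PERS_NID), the service-account names (SYSADM, APPS) and the thresholds are all constructed or assumed for illustration; the IScript path is made up and is not the vulnerable endpoint, which the advisory does not name.

```python
"""Added example (not from the page, Oracle or Huntress): triage Oracle web-tier
access logs and DB audit records for exploitation bursts, odd parameters and
bulk reads. All log lines, names and thresholds below are constructed/assumed."""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

# Combined-log-format line as written by Apache httpd / Oracle HTTP Server.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: two normal portal requests from an employee, then one
# client hammering a single (made-up) IScript endpoint, first getting 500s and
# then 200s, and finally probing it with a shell-command-looking parameter.
ACCESS_LOG = """\
198.51.100.20 - - [03/Jul/2026:08:00:01 +0000] "GET /psp/ps/EMPLOYEE/HRMS/h/?tab=DEFAULT HTTP/1.1" 200 18342
198.51.100.20 - - [03/Jul/2026:08:00:09 +0000] "GET /psc/ps/EMPLOYEE/HRMS/c/ROLE_EMPLOYEE.HR_PERSONAL_DATA.GBL HTTP/1.1" 200 22110
203.0.113.7 - - [03/Jul/2026:08:01:00 +0000] "POST /psc/ps/EMPLOYEE/HRMS/s/WEBLIB_DEMO.ISCRIPT1.FieldFormula.IScript_Run HTTP/1.1" 500 611
203.0.113.7 - - [03/Jul/2026:08:01:01 +0000] "POST /psc/ps/EMPLOYEE/HRMS/s/WEBLIB_DEMO.ISCRIPT1.FieldFormula.IScript_Run HTTP/1.1" 500 611
203.0.113.7 - - [03/Jul/2026:08:01:01 +0000] "POST /psc/ps/EMPLOYEE/HRMS/s/WEBLIB_DEMO.ISCRIPT1.FieldFormula.IScript_Run HTTP/1.1" 500 611
203.0.113.7 - - [03/Jul/2026:08:01:02 +0000] "POST /psc/ps/EMPLOYEE/HRMS/s/WEBLIB_DEMO.ISCRIPT1.FieldFormula.IScript_Run HTTP/1.1" 200 70
203.0.113.7 - - [03/Jul/2026:08:01:02 +0000] "POST /psc/ps/EMPLOYEE/HRMS/s/WEBLIB_DEMO.ISCRIPT1.FieldFormula.IScript_Run HTTP/1.1" 200 70
203.0.113.7 - - [03/Jul/2026:08:01:03 +0000] "GET /psc/ps/EMPLOYEE/HRMS/s/WEBLIB_DEMO.ISCRIPT1.FieldFormula.IScript_Run?cmd=id%3Bcat%20%2Fetc%2Fpasswd HTTP/1.1" 200 1432
"""

# Heuristic markers of injection attempts: traversal, NUL/newline, shell
# separators, command substitution, obvious command parameters, script tags.
SUSPICIOUS = re.compile(r"(\.\./|%2e%2e|%00|%0a|[;|`]|\$\(|\bcmd=|\bexec=|<script)", re.I)


def parse_access_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        entries.append({"ip": m.group("ip"), "ts": datetime.strptime(m.group("ts"), TS_FMT),
                        "method": m.group("method"), "path": path, "query": query,
                        "status": int(m.group("status"))})
    return entries


def find_bursts(entries, window_seconds=10, threshold=5):
    """Return (ip, path, count) where one client hit one path >= threshold times
    inside any window_seconds-wide window (sliding window over sorted timestamps)."""
    by_key = defaultdict(list)
    for e in entries:
        by_key[(e["ip"], e["path"])].append(e["ts"])
    hits = []
    for (ip, path), stamps in by_key.items():
        stamps.sort()
        start, best = 0, 0
        for end in range(len(stamps)):
            while (stamps[end] - stamps[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits.append((ip, path, best))
    return hits


def find_suspicious_requests(entries):
    """Entries whose raw or URL-decoded path/query carries an injection marker."""
    out = []
    for e in entries:
        raw = e["path"] + ("?" + e["query"] if e["query"] else "")
        if SUSPICIOUS.search(raw + " " + unquote(raw)):
            out.append(e)
    return out


# Assumed for this environment: the PeopleSoft access ID and the EBS APPS schema,
# plus two PeopleSoft HR tables that hold identifiers and national IDs.
SERVICE_ACCOUNTS = {"SYSADM", "APPS"}
SENSITIVE_TABLES = {"PS_PERSONAL_DATA", "PS_PERS_NID"}

# Constructed, simplified audit records (statement text plus rows returned); a
# real unified audit trail has to be joined with statement statistics to get rows.
DB_AUDIT = [
    {"user": "SYSADM", "sql": "SELECT EMPLID, NAME FROM PS_PERSONAL_DATA WHERE EMPLID = :1", "rows": 1},
    {"user": "SYSADM", "sql": "SELECT NATIONAL_ID FROM PS_PERS_NID WHERE EMPLID = :1", "rows": 1},
    {"user": "SYSADM", "sql": "SELECT EMPLID, NATIONAL_ID, COUNTRY FROM PS_PERS_NID", "rows": 48210},
    {"user": "SYSADM", "sql": "SELECT * FROM PS_PERSONAL_DATA", "rows": 48210},
    {"user": "HR_ANALYST", "sql": "SELECT EMPLID FROM PS_JOB WHERE EFFDT > :1", "rows": 12000},
]


def find_bulk_reads(records, row_threshold=10_000):
    """Flag service-account SELECTs that returned a dump-sized result set or read
    a sensitive table with no WHERE clause (a full-table pull)."""
    hits = []
    for r in records:
        sql = " ".join(r["sql"].upper().split())
        if r["user"] not in SERVICE_ACCOUNTS or not sql.startswith("SELECT"):
            continue
        unbounded = " WHERE " not in sql and any(t in sql for t in SENSITIVE_TABLES)
        if r["rows"] >= row_threshold or unbounded:
            hits.append(r)
    return hits


def triage(access_text=ACCESS_LOG, audit_records=DB_AUDIT):
    """Run all three checks and return the findings as plain tuples."""
    entries = parse_access_log(access_text)
    return {
        "bursts": find_bursts(entries),
        "suspicious_requests": [(e["ip"], e["method"], e["path"], e["query"])
                                for e in find_suspicious_requests(entries)],
        "bulk_reads": [(r["user"], r["rows"], r["sql"]) for r in find_bulk_reads(audit_records)],
    }


if __name__ == "__main__":
    for kind, findings in triage().items():
        print(kind)
        for f in findings:
            print("   ", f)
```

Running the block prints one burst (six hits on the IScript path from 203.0.113.7 within three seconds), one suspicious request (the GET whose decoded query reads `cmd=id;cat /etc/passwd`) and the two full-table reads by SYSADM. Two things worth noting when adapting it: the 500-then-200 sequence from a single client on one endpoint is itself a probe-then-success pattern and deserves its own rule, and the HR_ANALYST record pulling 12,000 rows is deliberately not flagged because the rule is scoped to service accounts as step 4 recommends; in production you would widen it to any account and tune the row threshold to the table's normal query profile.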

References:

* Computing UK

* Cyber Recaps