PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data
Vulnerability in the Oracle-owned PeopleSoft software is about as critical as they come.
Signal weather
Rising
Momentum is building quickly, so this card is a good early entry point into the topic.
One of the world’s most active ransomware groups exploited a critical vulnerability in Oracle’s PeopleSoft software suite and used it to target about 100 customers and extort at least one of them to pay up in exchange for not leaking stolen data, researchers said. The group, tracked as ShinyHunters, had been exploiting the PeopleSoft vulnerability for more than two weeks before Oracle flagged it. CVE-2026-35273, as the vulnerability is tracked, carries a severity rating of 9.8 out of 10, making the former zero-day one of the year’s most critical vulnerabilities to be exploited. Google’s Mandiant security team said it’s an SSRF (server-side request forgery), a vulnerability that allows attackers to send requests from a susceptible server to systems used by the targeted organization. Oracle said the SSRF is remotely exploitable, and the company has issued a stopgap mitigation but has yet to fully patch the flaw. Google has confirmed that victims are receiving extortion demands. Read full article Comments
Stay on the signal
Follow PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data
Follow this story beyond a single article: new follow-ups, adjacent sources, and the evolving storyline.
Story map
Understand this topic fast
A quick entry into the story: why it matters now, who is involved, and where to go next for context.
Why it matters now
Topic constellation
Open the live map for this story
See which entities, story threads, sources, and follow-up articles shape this story right now.
Click nodes to continue
Entity pages
Story timeline
Continue with this story
A short sequence of events and follow-up stories to understand the arc quickly.
How reliable this looks
Signal and trust for Ars Technica
This source works at a rapid pace: 100% of recent stories land in the hot window, and 0% carry visible search signal.
Reliability
92
Freshness
100
Sources in storyline
1
Related articles
More stories that share tags, source, or category context.
Controversial FISA spying law expires tonight. The spying will continue.
Section 702 of FISA to expire tonight, but certification lasts until March 2027.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Here's what Jeff Bezos' new startup Prometheus will do
It isn't the only startup tackling physical AI, but it's one of the best-funded.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Have politics finally come for the National Academies of Science?
A pending report on climate attribution may be setting the stage for conflict.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Ukraine's one-time test used fully autonomous drones to kill Russian soldiers
Full autonomy is rare, but Ukraine is installing AI modules on drones and robots.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
More from Ars Technica
Fresh reporting and follow-up coverage from the same newsroom.
Controversial FISA spying law expires tonight. The spying will continue.
Section 702 of FISA to expire tonight, but certification lasts until March 2027.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Here's what Jeff Bezos' new startup Prometheus will do
It isn't the only startup tackling physical AI, but it's one of the best-funded.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Have politics finally come for the National Academies of Science?
A pending report on climate attribution may be setting the stage for conflict.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.
Ukraine's one-time test used fully autonomous drones to kill Russian soldiers
Full autonomy is rare, but Ukraine is installing AI modules on drones and robots.
Signal weather
Momentum is building quickly, so this card is a good early entry point into the topic.
Why now
Fresh coverage with immediate momentum.