What Happened
Oracle has mitigated CVE-2026-35273, but it has not publicly confirmed the vulnerability’s in-the-wild exploitation. The post Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters appeared first on SecurityWeek .
Why It Matters
SecurityWeek reports that Google has confirmed in-the-wild exploitation of an Oracle PeopleSoft zero-day (CVE-2026-35273) by the ShinyHunters extortion group, following earlier indications that ShinyHunters had compromised hundreds of PeopleSoft environments using a mix of known and unknown flaws.[1][2][7] Oracle has issued mitigations for CVE-2026-35273 but has not publicly confirmed the zero-day’s active exploitation itself.[7] From a CyberSE.AI perspective, this underscores significant software supply chain and third-party ERP platform risk for any AI or data workflows that depend on Oracle PeopleSoft, including potential compromise of training data, business logic integrations, and identity systems connected to AI agents. Organizations should rapidly inventory and patch all PeopleSoft components, update SBOMs and dependency maps for systems feeding AI models, and reassess AI threat models to account for upstream ERP compromise as a high-impact initial access vector.
CyberSE Analysis
This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.