A critical zero-day vulnerability in Oracle's PeopleSoft software has enabled attackers to steal gigabytes of data from hundreds of organizations. The flaw requires immediate patching across affected deployments.
A zero-day vulnerability in PeopleSoft, Oracle's enterprise resource planning software, is actively being exploited to extract large quantities of data from multiple organizations.
The vulnerability ranks among the most severe security flaws, with attackers gaining the ability to access and exfiltrate gigabytes of sensitive information. PeopleSoft serves organizations across finance, human resources, and supply chain management—making compromised systems a significant risk for data breaches.
Hundreds of organizations running vulnerable PeopleSoft instances have been targeted. The scope of the attack indicates this is not a targeted campaign but rather widespread exploitation of the flaw.
Oracle has not yet released a patch for the vulnerability. Organizations using PeopleSoft are advised to implement compensating controls, isolate affected systems where possible, and monitor for unauthorized access. Security teams should prioritize detection of anomalous data access and exfiltration attempts.
The incident underscores persistent risks in enterprise software. Zero-day vulnerabilities—flaws unknown to vendors before public exploitation—are particularly dangerous because no patch exists at the time of attack. The delay between discovery and patch deployment creates a critical window of exposure.
Organizations should assume systems may already be compromised and conduct forensic analysis of access logs and data transfers. Credential rotation for accounts with PeopleSoft access is recommended as a precautionary measure.
Oracle-owned PeopleSoft handles sensitive employee and financial data for large enterprises globally. A breach of this scale could expose personally identifiable information, salary data, benefits information, and other confidential business records.
This marks another significant vulnerability in widely used enterprise software, following a pattern of high-impact flaws in critical infrastructure and business systems. Organizations continue to face elevated risk during the period between vulnerability disclosure and patch availability.