12 Jun 2026
Week in review
Greetings,
Oracle has issued an urgent security advisory addressing a critical vulnerability in its widely used PeopleSoft platform, amid growing concerns that the flaw may already be exploited in real-world attacks.
The vulnerability, tracked as CVE-2026-35273, affects PeopleSoft Enterprise PeopleTools versions 8.61 and 8.62 and could allow unauthenticated attackers to remotely execute code on affected systems. As PeopleSoft supports essential business functions such as HR, payroll, finance, and supply chain operations, the potential impact of such a flaw is significant for large organisations globally.
While Oracle has released mitigation guidance, it has yet to provide a full patch. The company has also not confirmed whether the vulnerability is being actively exploited as a zero-day, though it has strongly urged customers to follow its guidance immediately to reduce risk.
Concern has been heightened by reports linking the issue to activity from the cybercriminal group ShinyHunters. The group has claimed to have targeted hundreds of PeopleSoft instances across more than 100 organisations, allegedly combining previously known flaws with zero-day vulnerabilities to access sensitive data. Security researchers have observed at least some level of exploitation, reinforcing the urgency of the situation.
The education sector appears particularly affected, with institutions such as the University of Nottingham confirming data breaches linked to the campaign.
This latest development highlights the ongoing risks facing enterprise software environments and underscores the importance of timely mitigation, monitoring and rapid response capabilities. Organisations relying on PeopleSoft are being advised to prioritise Oracle’s recommendations as investigations continue and more details emerge.
Cisco warns of unpatched SD-WAN zero-day exploited in attacks
Date: 2026-06-05
Author: Bleeping Computer
[See AUSCERT bulletin https://portal.auscert.org.au/bulletins/ESB-2026.6227.2/]
On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation.
The zero-day flaw impacts all deployment types, including On-Prem Deployment, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP).
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
Date: 2026-06-06
Author: The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash under certain conditions. CISA described it as an uncontrolled resource consumption vulnerability that results in a DoS condition.
Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Date: 2026-06-10
Author: The Hacker News
[AUSCERT has published relevant security bulletins]
Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure.
The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It's tracked as CVE-2026-25089 (CVSS score: 9.1).
Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code
Date: 2026-06-09
Author: The Hacker News
[AUSCERT has contacted affected members where applicable]
Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution.
Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0.
"A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory.
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
Date: 2026-06-10
Author: Bleeping Computer
[AUSCERT has published a relevant security bulletin – https://portal.auscert.org.au/bulletins/ASB-2026.0123/]
Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations.
PeopleSoft is an enterprise business software suite used by large organizations to manage business operations such as human resources, payroll, finance, supply chain management, procurement, and student administration.
ESB-2026.6355 – Google Chrome: CVSS (Max): 9.6*
Google Chrome addresses 74 security vulnerabilities, including 17 Critical issues, and also fixes a High-severity vulnerability that is known to be actively exploited in the wild.
ESB-2026.6391 – Adobe Campaign Classic: CVSS (Max): 10
Adobe has released security updates for Adobe Campaign Classic. This update addresses critical vulnerabilities that could result in arbitrary code execution.
ESB-2026.6438 – Fortinet FortiSandbox: CVSS (Max): 9.1
A vulnerability in the FortiSandbox web UI involving improper neutralization of special elements used in an OS command may allow an unauthenticated attacker to execute unauthorized commands through specially crafted HTTP requests.
ESB-2026.6460 – Palo Alto Products: CVSS (Max): 9.3
A vulnerability involving improper validation of credentials in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources.
ESB-2026.6473 – Splunk Enterprise: CVSS (Max): 10
Splunk Enterprise updates multiple components including Go, MongoDB, aiohttp, OpenTelemetry, PostgreSQL, etcd-related binaries, Log4j, and Cloudflare CIRCL libraries to address a range of security vulnerabilities, including some with associated CVE identifiers.
Stay safe, stay patched and have a good weekend!
The AUSCERT team