Major Software Vulnerability Being Fixed: What HR Employees and Job Seekers Should Know
Oracle is addressing a security flaw in PeopleSoft, software used by many companies for HR and payroll. If you use PeopleSoft at work, your employer should be fixing this.
Source
SecurityWeek
Original headline: Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks
Plain-English summary by GetCyberRight. Read the full report at the source above.
Oracle has released security mitigations for a vulnerability in its PeopleSoft software. The vulnerability is identified as CVE-2026-35273 (an industry tracking number for this software flaw), and there are reports it may have been exploited in attacks linked to a hacking group called ShinyHunters. PeopleSoft is commonly used by large companies, universities, and government agencies to manage human resources, payroll, and employee information. Oracle has not confirmed whether this vulnerability was actively exploited before the fix was made available. This affects people who work for organizations that use PeopleSoft for HR functions. If your company uses this software, employee data such as names, addresses, Social Security numbers, salary information, and benefits details could potentially be stored in the system. A vulnerability means hackers might have found a way to access this information without authorization.
If you have ever applied for a job at a company that uses PeopleSoft, your application information might also be stored there.
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
Here is what you should do. First, contact your company's HR department or IT help desk and ask if they use PeopleSoft and whether they have applied the latest security updates. You have a right to know if your employer is protecting your personal information. Second, monitor your credit reports for any unusual activity. You can get free credit reports from each of the three major credit bureaus once per year. Third, watch for suspicious emails or phone calls from people claiming to be from your employer and asking for personal information. Criminals sometimes use stolen HR data to craft convincing phishing scams. Fourth, if your employer confirms they were affected, ask what specific data may have been exposed and whether they are offering credit monitoring services. For long term protection, consider placing a fraud alert or security freeze on your credit reports. This makes it harder for criminals to open new accounts in your name. Use strong, unique passwords for any employee portals you access. Save copies of your pay stubs and important work documents in case you need them later.
Remember that your employer has a responsibility to protect your data, so do not hesitate to ask questions about their cybersecurity practices.
Curated from trusted cybersecurity sources by GetCyberRight
Source: SecurityWeekStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles
Oracle Fixes Security Hole in Workplace Software: What Employees and HR Users Should Know
Oracle released security fixes for PeopleSoft software used by many companies for payroll and HR. If you access employee systems at work, watch for updates from your IT department.
2 min read
False Security Alert Causes Confusion for Some Organizations
A security researcher's testing accidentally triggered alerts that made some companies think they were being hacked, but no actual breach occurred.
2 min readFalse Alarm: Security Alert About Business Software Turned Out to Be a Mistake
Organizations using ServiceNow software received scary security warnings, but it was a false alarm caused by security testing, not a real attack.
2 min read
Spotify's Hidden Scam: Fake Podcasts That Push Illegal Drugs
Congressional report reveals thousands of fake Spotify podcasts designed to trick listeners and promote illegal pharmacy sites through manipulated search results.
3 min read