A newly discovered zero-day vulnerability in Oracle's PeopleSoft software has been actively exploited against hundreds of organizations, with attackers making off with gigabytes of sensitive data, according to Ars Technica.
PeopleSoft is widely used enterprise software — the kind that runs payroll, HR systems, and financial operations for universities, government agencies, hospitals, and large corporations around the world. That makes it an unusually high-value target: a single breach can expose employee records, financial data, and personally identifiable information at scale.
Ars Technica describes the vulnerability as "about as critical as they come," a characterization that reflects both the severity of the flaw and the breadth of its impact. A zero-day is a vulnerability that was unknown to the vendor when attackers began exploiting it, giving defenders no head start on patching or mitigation.
Oracle acquired PeopleSoft in 2005 and has continued to develop and support the platform for large enterprise customers, many of whom rely on it for core business functions. The sheer volume of data reportedly stolen — gigabytes, across hundreds of targets — suggests either a coordinated campaign or an exploit that has been circulating quietly for some time.
For ordinary people, this matters because PeopleSoft often sits at the center of institutions that hold their most sensitive personal and financial information — their employer, their university, or their local government. A breach here is rarely just an IT problem; it can mean stolen identities, leaked salaries, or compromised benefits records affecting thousands of real people.