CVE Tools
Back to feed
SecurityWeek ·EN-US News source Exploited in the wild ShinyHuntersOracle PeopleSoft

Insurance Regulators Group NAIC Hit in Oracle PeopleSoft Hack

By Eduard Kovacs··2 min read
CVE Tools coverage

The National Association of Insurance Commissioners (NAIC) says it was targeted in the recent Oracle PeopleSoft attack chain involving the zero-day vulnerability CVE-2026-35273, which enables unauthenticated remote code execution. NAIC reports unauthorized access discovered on June 11, with attackers obtaining statutory financial reporting and related technical data; however, it states personally identifiable information and payment/financial account details were not compromised. The incident matters because a widely used enterprise platform vulnerability is being actively leveraged by the ShinyHunters group and regulators are now confirming real-world impact.