Chinese Hackers Exploit Microsoft 365 for 18 Months; Oracle PeopleSoft Vulnerability Targeted

Chinese hackers infiltrated Microsoft 365 environments, maintaining access for 18 months before detection. The attack exploited vulnerabilities to harvest sensitive data from various organizations. Simultaneously, a new vulnerability in Oracle PeopleSoft (CVE-2026-35273) was disclosed, with active exploitation reported shortly after its publication. This CVE was added to the CISA KEV list on June 12, 2026, indicating its critical nature. The vulnerability allows unauthorized access to sensitive information, impacting numerous organizations using the affected software. Additionally, Europol recently dismantled a cryptocurrency mixer service linked to cybercriminal activities, further illustrating the ongoing battle against cyber threats. The combination of these incidents highlights the evolving landscape of cyber threats and the need for robust security measures.

Key Points: • Chinese hackers maintained access to Microsoft 365 for 18 months, affecting multiple organizations. • CVE-2026-35273 in Oracle PeopleSoft was published on June 11, 2026, and is actively exploited. • Europol's takedown of a crypto mixer service underscores the ongoing fight against cybercrime.