CVE-2026-35273 in Oracle PeopleSoft was leveraged to extort over 100 organisations; Google identified 68% of targets in the higher education sector with stolen data exceeding 40 GB.