Oracle’s Dual Headache: A Zero-Day Breach and a Compliance Stumble Cloud Record Cloud Growth
19.06.2026 - 18:56:10 | boerse-global.de
Oracle is barreling ahead with one of the most aggressive infrastructure build-outs in tech, but two very different problems are threatening to pull the rug from under the stock. A critical zero-day vulnerability in the company’s PeopleSoft HR software has been actively exploited by ransomware gangs for weeks, while a separate compliance gap has reportedly blown up a potential multi-billion-dollar deal with Microsoft. Together, the twin setbacks are testing investor confidence in a company that just posted stratospheric cloud revenue growth.
PeopleSoft Under Fire
The security incident is anything but minor. Hackers from the ShinyHunters group have been exploiting an unpatched flaw in PeopleSoft — one that carries a severity rating of 9.8 out of 10. The vulnerability requires no password, no user interaction, and only a network connection to give an attacker full control of a server. Hundreds of instances across multiple organizations, particularly in the education sector, have been compromised.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) moved quickly, adding the flaw to its list of actively exploited vulnerabilities and mandating that federal agencies patch it by Monday. Oracle has since released emergency updates and is warning corporate customers about the risk to sensitive personnel data. The timing is especially awkward: the company recently won a nearly $396 million contract to build a cloud-based HR platform for 2 million U.S. federal employees, displacing rival Workday. That deal instantly puts Oracle’s system security under the government’s microscope.
A $3 Billion Deal That Wasn’t
Meanwhile, a separate compliance issue is casting a longer shadow over Oracle’s public cloud ambitions. Business Insider reported that Microsoft walked away from a deal to lease Oracle cloud infrastructure worth more than $3 billion. The reason: Oracle’s public cloud lacks FedRAMP certification — the security framework required for processing U.S. government data. The company’s dedicated Government Cloud has the certification, but the standard public cloud does not.
Should investors sell immediately? Or is it worth buying Oracle?
Oracle publicly disputed the report, insisting that Microsoft remains both a partner and a customer. Microsoft has not commented. What is clear, however, is that competitors are better positioned. Both AWS and Google Cloud already have FedRAMP authorization for their public clouds, making them more attractive partners for hyperscalers scrambling to meet exploding AI demand. An Oracle executive acknowledged that closing the gap would require “significant development effort.”
The pattern is telling. Oracle obtained FedRAMP certification when it wanted to land the government HR contract — a long-term application deal. For pure infrastructure rental, the company appears to have made a different calculation, and that calculation may have cost it a $3 billion opportunity.
Record Revenue, Negative Free Cash Flow
None of this is happening in a vacuum. Oracle just closed a fiscal fourth quarter with $19.2 billion in revenue, up 21% year over year, driven by a 93% surge in cloud infrastructure. For the full fiscal 2026, revenue reached $67.4 billion. Management is guiding for $90 billion in fiscal 2027, with adjusted earnings per share of $8.05 — an 18% increase. For the current quarter, they project revenue growth of 27% to 29% and adjusted EPS between $1.72 and $1.76.
Those numbers are impressive, but they come at a cost. Oracle financed its data-center expansion last fiscal year by raising $43 billion in debt and $5 billion in equity. Capital expenditures hit $55.7 billion, and free cash flow was negative $23.7 billion. The company is betting big that the AI infrastructure wave will reward the spending, but the combination of a huge debt load, a security incident, and a compliance gap is giving some investors pause.
Analyst Targets Still Show Confidence
On the Street, most analysts are sticking with their bullish calls. BMO Capital raised its price target to $220, Piper Sandler sees $225, and Wedbush trimmed slightly to $240. The consensus target sits at about $252 — a substantial premium to today’s levels. But that optimism depends on Oracle executing flawlessly, something the current headlines make harder to assume.
Oracle at a turning point? This analysis reveals what investors need to know now.
The stock itself has been under pressure. It changed hands recently at around €161, a drop of roughly 2.3% on the day the Microsoft story broke and about 42% below its September high of €280.70. On a year-to-date basis, the decline is about 5%, though over the past 12 months the loss is closer to 11%.
Two Speed Bumps or Structural Barriers?
Oracle now faces a dual stress test. The PeopleSoft breach demands an urgent, costly security response, especially as the government HR contract begins to ramp up. The FedRAMP gap raises questions about whether the company’s public cloud can compete for the kind of hyperscaler partnerships that will define the next phase of AI infrastructure investment.
Both issues are solvable in theory: patches can be applied, certifications can be pursued. But in a market where every misstep is amplified, Oracle needs to show that these are temporary speed bumps, not evidence of a deeper structural weakness. The next few months will reveal whether its growth story can survive the scrutiny.
Ad
Oracle Stock: New Analysis - 19 June
Fresh Oracle information released. What's the impact for investors? Our latest independent report examines recent figures and market trends.
