Topic: oracle vulnerability
-
Urgent Oracle EBS Vulnerability Alert (CVE-2025-61884)
A critical security flaw, CVE-2025-61884, has been identified in Oracle's E-Business Suite, affecting versions 12.2.3 to 12.2.14 and potentially earlier versions like 12.1.3, allowing unauthenticated attackers to exploit it via HTTP. Exploitation of this vulnerability could result in unauthorized...
Read More » -
Urgent CISA Alert: Active Oracle Identity Manager RCE Exploits
A critical security vulnerability (CVE-2025-61757) in Oracle Identity Manager allows attackers to execute remote code without authentication by exploiting weaknesses in REST API security filters. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to pat...
Read More » -
Oracle Quietly Patches Critical Zero-Day Exposed by Hackers
Oracle urgently patched a critical pre-authentication SSRF vulnerability (CVE-2025-61884) in its E-Business Suite after the ShinyHunters group leaked a working exploit, enabling unauthorized access without login credentials. Two separate threat actors, Clop and ShinyHunters, exploited distinct Or...
Read More » -
Oracle Fixes Zero-Day Exploited in Clop Ransomware Attacks
Oracle has issued an urgent alert for a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite, allowing unauthenticated remote code execution and actively exploited by the Clop ransomware group for data theft. The vulnerability affects versions 12.2.3 to 12.2.14, with Oracle re...
Read More » -
Clop Hackers Use Oracle Zero-Day to Steal Executive Data
Oracle has patched a critical zero-day vulnerability (CVE-2025-61882) in its E-Business Suite, which hackers exploited to steal sensitive personal data from corporate executives without needing login credentials. The hacking group Clop has been linked to this mass exploitation campaign, sending e...
Read More » -
Washington Post Data Breach Hits 10,000 Employees, Contractors
A data breach at The Washington Post exposed personal and financial data of nearly 10,000 employees and contractors, exploiting a zero-day vulnerability in the Oracle E-Business Suite software. The attack, linked to the Clop ransomware gang, involved unauthorized network access from July to Augus...
Read More » -
Envoy Air Hit by Oracle Data Breach, American Airlines Confirms
The Clop ransomware gang breached Envoy Air's Oracle E-Business Suite, claiming responsibility and accusing the company of neglecting security, though Envoy confirmed no sensitive customer data was accessed. This attack is part of a broader campaign by Clop exploiting zero-day vulnerabilities in ...
Read More » -
Barts Health NHS Data Breach Linked to Oracle Zero-Day Hack
A global cyberattack exploiting a critical Oracle software flaw (CVE-2025-61882) led to a data breach at Barts Health NHS Trust, stealing invoice files containing patient and former employee personal information. The Clop ransomware gang published the stolen data on the dark web, and Barts Health...
Read More » -
Logitech Data Breach Confirmed After Clop Ransomware Attack
Logitech confirmed a data breach by the Clop ransomware group, involving stolen information from Oracle E-Business Suite systems, as disclosed in an SEC filing. The compromised data includes limited employee, consumer, customer, and supplier details, but sensitive information like national IDs an...
Read More »