Tag: oracle
-
Week in review: SimpleHelp vulnerability exploited, Oracle EBS Payments flaw under attack
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Companies keep bolting AI onto their products, and the security bill is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/07/05/week-in-review-simplehelp-vulnerability-exploited-oracle-ebs-payments-flaw-under-attack/
-
Breach Roundup: DeepSeek Sparks Browser Ransomware
Tags: ai, attack, breach, cisa, data, data-breach, fraud, india, iphone, oracle, penetration-testing, ransomwareAlso, False Negatives Causes Trust in AI Pentest to Drop. This week: a DeepSeek browser-only ransomware path, AI pen testing trust dropped, Mustang Panda targeted India, Tata breach exposed iPhone 18 data, CISA flagged BlueHammer in ransomware attacks, 950 Oracle EBS systems exposed, Amazon to pay U.S. Federal Trade Commission penalty over fraud records. First…
-
950 Oracle E-Business Suite Instances Exposed as CVE-2026-46817 Attacks Observed in the Wild
Around 950 internet-facing Oracle E-Business Suite (EBS) instances have been identified as exposed following enhanced scanning efforts. At the same time, active exploitation attempts tied to CVE-2026-46817 have already been observed in the wild. The findings were disclosed by The Shadowserver Foundation, which recently expanded its fingerprinting capabilities through domain-based scanning in collaboration with Validin.…
-
Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed
Oracle E-Business Suite flaw CVE-2026-46817 is under active attack, with about 950 vulnerable internet-facing instances still exposed. This week, Defused Cyber researchers warned that a critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited. The flaw affects Oracle Payments versions 12.2.3 through 12.2.15 and allows unauthenticated attackers to take over vulnerable…
-
Researchers spot exploitation of another critical Oracle defect
The defect impacts a popular collection of business applications that attackers have hit before in widespread attack sprees. First seen on cyberscoop.com Jump to article: cyberscoop.com/oracle-ebs-critical-vulnerability-exploited/
-
Critical flaw in Oracle E-Business Suite is under immediate threat
Researchers warn that successful exploitation of the vulnerability could allow an attacker to compromise Oracle Payments. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-flaw-oracle-e-business-suite-threat/824230/
-
Over 900 Oracle E-Business instances exposed to ongoing attacks
Over 900 Oracle E-Business Suite (EBS) instances have been found exposed online amid ongoing attacks exploiting a critical security flaw. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-900-oracle-e-business-instances-exposed-to-ongoing-attacks/
-
Critical Oracle E-Business Suite bug actively exploited
First seen on scworld.com Jump to article: www.scworld.com/news/critical-oracle-e-business-suite-bug-actively-exploited
-
Nissan confirms employee data exposed in Oracle PeopleSoft cyberattack
First seen on scworld.com Jump to article: www.scworld.com/brief/nissan-confirms-employee-data-exposed-in-oracle-peoplesoft-cyberattack
-
Nissan Traces Data Breach to PeopleSoft Zero-Day Exploit
Extortionists Add National Association of Insurance Commissioners to Breach List. Japanese automotive giant Nissan and the U.S. National Association of Insurance Commissioners are the latest organizations to confirm they fell victim to cyber extortionists who recently wielded a zero-day exploit against Oracle PeopleSoft, leading to the theft of data. First seen on govinfosecurity.com Jump to…
-
Nissan Discloses Employee Data Breach Linked to Oracle Zero-Day
Nissan says employees’ data was stolen via the Oracle PeopleSoft zero-day campaign First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nissan-oracle-peoplesoft-zero-day/
-
Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817)
Exploitation attempts targeting a critical vulnerability (CVE-2026-46817) in Oracle Payments, the payment-processing module within Oracle’s E-Business Suite (EBS), have … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/30/oracle-payments-cve-2026-46817-exploitation/
-
Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817
Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments. A critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited in the wild, according to cybersecurity firm Defused Cyber. >>CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being…
-
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber.The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances.”Easily exploitable vulnerability allows First seen on thehackernews.com…
-
Nissan discloses employee data breach linked to Oracle zero-day attacks
Nissan is warning that it suffered a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability in data theft attacks previously linked to the ShinyHunters extortion group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nissan-discloses-employee-data-breach-linked-to-oracle-zero-day-attacks/
-
NAIC says public data stolen in ShinyHunters’ PeopleSoft breach
The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems by exploiting a zero-day vulnerability in an Oracle PeopleSoft server. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/naic-says-public-data-stolen-in-shinyhunters-peoplesoft-breach/
-
Insurance body confirms hackers posted Oracle PeopleSoft breach data
NAIC warned that some ratings agencies have suspended data feeds as a precaution.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/insurance-body-hackers-oracle-peoplesoft-breach-data/823978/
-
Hackers now exploit critical Oracle E-Business flaw in attacks
Attackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-oracle-e-business-suite-flaw-now-exploited-in-attacks/
-
US Federal Insurance Regulator Confirms Data Breach Via Oracle Flaw
An attacker has exploited a zero day in Oracle Peoplesoft to gain access to the IT systems of the NAIC, the standard-setting association for the US federal insurance system First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-insurance-regulator-confirms/
-
CISA warnt vor aktiv ausgenutzter CVE-2024-21182 – Alte Oracle-WebLogic-Lücke gefährdet über 1.500 ungepatchte Server
First seen on security-insider.de Jump to article: www.security-insider.de/oracle-weblogic-cve-2024-21182-t3-iiop-cisa-kev-a-b4ce296b16240c31441f41897cf80448/
-
Massive breach spills credentials for thousands of sensitive networks
The affected include Oracle, Lenovo, FedEx, a NATO contractor, and Fortinet. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/06/massive-breach-spills-credentials-for-thousands-of-sensitive-networks/
-
CISA Issues Alert on Oracle PeopleSoft Vulnerability Exploited by Ransomware Groups
Tags: authentication, cisa, control, cve, cyber, cybersecurity, exploit, flaw, group, infrastructure, oracle, ransomware, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools, identified as CVE-2026-35273. This vulnerability, categorized as CWE-306 (Missing Authentication for Critical Function), allows unauthenticated attackers to gain full control of vulnerable PeopleSoft environments. According to CISA, this flaw…
-
CISA Issues Alert on Oracle PeopleSoft Vulnerability Exploited by Ransomware Groups
Tags: authentication, cisa, control, cve, cyber, cybersecurity, exploit, flaw, group, infrastructure, oracle, ransomware, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools, identified as CVE-2026-35273. This vulnerability, categorized as CWE-306 (Missing Authentication for Critical Function), allows unauthenticated attackers to gain full control of vulnerable PeopleSoft environments. According to CISA, this flaw…
-
ShinyHunters Hits Universities Via Oracle Zero-Day
Mandiant: 68% of Targets Were Higher Ed Institutions Running PeopleSoft. ShinyHunters exploited a critical zero-day in Oracle PeopleSoft to breach more than 100 organizations globally, researchers at Mandiant and Google’s Threat Intelligence Group said, with universities and colleges accounting for the majority of confirmed targets in the active extortion campaign. First seen on govinfosecurity.com Jump…
-
Oracle Warns PeopleSoft Customers After Critical Zero-Day Exploited
Oracle issued emergency guidance for CVE-2026-35273, a critical PeopleSoft flaw exploited in a ShinyHunters-linked campaign targeting universities. The post Oracle Warns PeopleSoft Customers After Critical Zero-Day Exploited appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-oracle-peoplesoft-zero-day-shinyhunters/
-
Mandiant bestätigt CVE-2026-35273 und aktive Angriffe – ShinyHunters missbrauchen Zero-Day-Lücke in Oracle PeopleSoft
First seen on security-insider.de Jump to article: www.security-insider.de/shinyhunters-oracle-peoplesoft-zero-day-cve-2026-35273-a-8b23ff9753f50c14facb5845c4b23ee4/
-
Week in review: Exploited Check Point VPN zero-day, Oracle PeopleSoft servers under attack
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: DockSec: Open-source AI-powered Docker security scanner DockSec is an OWASP … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/14/week-in-review-exploited-check-point-vpn-zero-day-oracle-peoplesoft-servers-under-attack/
-
The FCC Wants to Kill Burner Phones
Plus: AI bug hunting fuels Microsoft’s biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-the-fcc-wants-to-kill-burner-phones/
-
U.S. CISA adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, oracle, technology, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle PeopleSoft Enterprise PeopleTools flaw, tracked as CVE-2026-35273 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Oracle PeopleSoft Enterprise PeopleTools is the underlying technology platform…
-
ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed
A major bug in Oracle’s ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/shinyhunters-oracle-zero-day-higher-ed

