Tag: oracle
-
PeopleSoft 0-day affecting hundreds of organizations steals gigabytes of data
Vulnerability in the Oracle-owned PeopleSoft software is about as critical as they come. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/06/peoplesoft-0-day-affecting-hundreds-of-organizations-steals-gigabytes-of-data/
-
Oracle fixes PeopleSoft flaw exploited by ShinyHunters
A zero-day vulnerability affecting Oracle’s PeopleSoft products is being exploited by a ShinyHunters campaign targeting schools and universities. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644375/Oracle-fixes-PeopleSoft-flaw-exploited-by-ShinyHunters
-
ShinyHunters linked to exploitation of critical flaw in Oracle PeopleSoft
More than 100 organizations, about two-thirds in higher education, have been notified of potential impact. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/shinyhunters-exploitation-critical-flaw-oracle-peoplesoft/822796/
-
ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw
Oracle still hasn’t patched the vulnerability the group has been using in its attacks since late May. First seen on cyberscoop.com Jump to article: cyberscoop.com/oracle-peoplesoft-zero-day-vulnerability-shinyhunters-extortion/
-
ShinyHunters Target Universities in Oracle PeopleSoft Zero-Day Attack
Google says ShinyHunters exploited Oracle PeopleSoft zero-day to steal data from 100+ organisations, with universities making up most victims. First seen on hackread.com Jump to article: hackread.com/shinyhunters-universities-oracle-peoplesoft-zero-day-attack/
-
Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign
Tags: advisory, breach, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, update, vulnerability, zero-dayShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant and Google’s Threat Intelligence Group published an analysis of an active ShinyHunters campaign on June 11, one day after Oracle finally issued an advisory for the vulnerability being exploited. The gap matters: the activity ran…
-
Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign
Tags: advisory, breach, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, update, vulnerability, zero-dayShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant and Google’s Threat Intelligence Group published an analysis of an active ShinyHunters campaign on June 11, one day after Oracle finally issued an advisory for the vulnerability being exploited. The gap matters: the activity ran…
-
Zero-Day-Lücke: ShinyHunters hacken über 100 Organisationen
Die Hackergruppe ShinyHunters nutzt eine Zero-Day-Lücke in Oracle PeopleSoft aus, um weltweit über 100 Organisationen anzugreifen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/shinyhunters-100-organisationen
-
Oracle PeopleSoft Zero-Day RCE Vulnerability Exploited by ShinyHunters
Tags: cve, cvss, cyber, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, vulnerability, zero-dayA newly disclosed zero-day vulnerability in Oracle PeopleSoft is being actively exploited by the ShinyHunters threat group, according to a joint investigation by Mandiant and Google Threat Intelligence Group (GTIG). Tracked as CVE-2026-35273 with a critical CVSS score of 9.8, the flaw affects the Environment Management component and enables unauthenticated remote code execution. Researchers confirmed…
-
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest.Google’s Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its…
-
Oracle warns of security bug that hackers abused to breach 100+ companies
The tech giant warned of a security flaw that a cybercrime gang said it’s exploiting as part of a mass-hacking campaign. Google said it notified more than 100 organizations that had potentially vulnerable servers. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/11/oracle-warns-of-security-bug-that-hackers-abused-to-breach-100-companies/
-
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks
Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oracle-mitigates-peoplesoft-zero-day-exploited-in-data-theft-attacks/
-
Oracle PeopleSoft servers under attack, Oracle pushes outband security alert
A zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being exploited in the wild, Charles Carmakal, CTO at cybersecurity firm Mandiant, part of Google … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/11/oracle-peoplesoft-under-attack-cve-2026-35273/
-
ShinyHunters gang targets Oracle PeopleSoft servers in data theft attacks
First seen on scworld.com Jump to article: www.scworld.com/brief/shinyhunters-gang-targets-oracle-peoplesoft-servers-in-data-theft-attacks
-
Cybercriminals claim breach of Oracle PeopleSoft servers at 100-plus organizations
The ShinyHunters hacking gang claims to have compromised the Oracle PeopleSoft servers of more than 100 organizations, including many universities. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/10/cybercriminals-claim-breach-of-oracle-peoplesoft-servers-at-100-plus-organizations/
-
Breach Roundup: Microsoft Tries to Mend Researcher Bridges
Also: Gas Station Monitoring Systems Under Attack, Spanish Teen Doxer Arrested. This week, more happened than fits here: Microsoft tried to make nice with researchers, gas tank gauges under attack in the United States, fake FIFA websites are everywhere. Russia cried cyberespionage, Spanish police arrested a teenaged doxer, a Oracle Weblogic flaw was actively exploited.…
-
Breach Roundup: Microsoft Tried to Mend Researcher Bridges
Also: Gas Station Monitoring Systems Under Attack, Spanish Teen Doxer Arrested. This week, more happened than fits here: Microsoft tried to make nice with researchers, gas tank gauges under attack in the United States, fake FIFA websites are everywhere. Russia cried cyberespionage, Spanish police arrested a teenaged doxer, a Oracle Weblogic flaw was actively exploited.…
-
CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited
CISA added Oracle WebLogic flaw CVE-2024-21182 to its KEV catalog, giving federal agencies until June 4 to patch exposed servers. The post CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisa-oracle-weblogic-vulnerability-exploited/
-
CISA orders agencies to patch critical Oracle WebLogic Server vulnerability
First seen on scworld.com Jump to article: www.scworld.com/brief/cisa-orders-agencies-to-patch-critical-oracle-weblogic-server-vulnerability
-
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
Tags: access, control, cve, cybersecurity, exploit, flaw, infrastructure, kev, network, oracle, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.The vulnerability, CVE-2024-21182 (CVSS score: 7.5), allows an unauthenticated attacker with network access to take control of susceptible servers. It was First seen on…
-
U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Palo Alto Networks PAN-OS flaw, tracked as CVE-2024-21182 (CVSS score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2024-21182 flaw is an easily exploitable vulnerability affecting Oracle WebLogic…
-
CISA flags two-year-old Oracle flaw as actively exploited in attacks
CISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-actively-exploited-oracle-weblogic-flaw/
-
CISA Issues Alert on Oracle WebLogic Server Flaw Under Active Exploitation
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, oracle, risk, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Oracle WebLogic Server vulnerability, tracked as CVE-2024-21182, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is actively exploited in the wild. The alert, published on June 1, 2026, highlights the urgent risk to organizations that rely on Oracle WebLogic for…
-
OpenAI introduces Daybreak cyber platform, takes on Anthropic Mythos
Tags: access, ai, cisco, crowdstrike, cyber, cybersecurity, defense, detection, fortinet, framework, government, malware, network, openai, oracle, penetration-testing, RedTeam, risk, software, strategy, technology, update, vulnerabilityOpenAI’s cybersecurity model stack: OpenAI is pursuing a scalable cyber defense platform strategy with Daybreak and is rolling out the initiative through three different model tiers: GPT-5.5 (default), GPT-5.5 with Trusted Access for Cyber, and GPT-5.5-Cyber.The standard GPT-5.5 model is positioned for general-purpose enterprise use cases, including developer assistance and knowledge work. GPT-5.5 with Trusted…
-
Oracle rolls out monthly security patch updates
Oracle is changing how its security fixes are delivered: starting in May 2026, there will be a monthly Critical Security Patch Update. >>Each [monthly] CSPU is smaller … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/05/oracle-monthly-security-updates/
-
Best Security Solutions for Oracle ERP Cloud in 2026
As Oracle ERP Cloud has become central to finance and operations, its security posture has become a board”‘level concern. The system processes high”‘value transactions, exposes critical data, and sits at the heart of many key business processes. The core question for 2026 is not “Is Oracle secure?” but “What security solution for Oracle ERP Cloud……
-
Best Oracle GRC Alternatives for Oracle E-Business Suite: Replacing AACG, CCG, TCG and PCG
Many organizations still rely on Oracle GRC Advanced Controls for Oracle E-Business Suite”, including AACG, CCG, TCG and PCG”, as the backbone of their access governance, continuous controls monitoring, and compliance efforts. That was a reasonable choice for a long time. But the world those tools were built for”, on-premise ERP, slower change cycles, and…
-
Top Oracle Risk Management Cloud Alternatives for Oracle ERP Cloud in 2026
If your risk and controls strategy feels constrained by what Oracle Risk Management Cloud can do, you’re not alone. Many Oracle customers in 2026 are asking a more strategic question: What role should a Risk Management solution for Oracle ERP Cloud play in our overall risk architecture”, and where do we need something more? This…
-
IAM tools help Oracle Red Bull Racing keep pace with strict F1 regulations
Oracle Red Bull Racing massively improved the efficiency of its aerodynamics testing procedures after implementing new identity technology from 1Password. Learn more about this unlikely link First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642593/IAM-tools-help-Oracle-Red-Bull-Racing-keep-pace-with-strict-F1-regs
-
Oracle Red Bull Racing Team Revs Up Automation to Boost Security
While drivers race to shave off seconds on the track, the team’s IT and engineering staff are speeding up how they deliver security. First seen on darkreading.com Jump to article: www.darkreading.com/identity-access-management-security/oracle-red-bull-racing-team-revs-up-automation-to-boost-security

