Tag: oracle
-
Hitachi-owned GlobalLogic admits data stolen on 10k current and former staff
Clop’s Oracle EBS exploit spree shows no sign of slowing, claims nearly 30 more casualties in media, finance, and tech. First seen on theregister.com Jump to article: www.theregister.com/2025/11/11/hitachiowned_globallogic_admits_data_stolen/
-
Allianz UK joins growing list of Clop’s Oracle E-Business Suite victims
Insurance giant’s UK arm says cybercriminals misattributed the real victim First seen on theregister.com Jump to article: www.theregister.com/2025/11/10/allianz_uk_joins_growing_list/
-
Balancer hack analysis and guidance for the DeFi ecosystem
Tags: access, attack, blockchain, control, crypto, exploit, finance, flaw, guide, intelligence, monitoring, oracle, radius, risk, software, strategy, threat, tool, update, vulnerabilityTL;DR The root cause of the hack was a rounding direction issue that had been present in the code for many years. When the bug was first introduced, the threat landscape of the blockchain ecosystem was significantly different, and arithmetic issues in particular were not widely considered likely vectors for exploitation. As low-hanging attack paths…
-
Washington Post confirms data breach linked to Oracle hacks
The Washington Post is the latest victim of a hacking campaign by the notorious Clop ransomware gang, which relied on vulnerabilities in Oracle software used by many corporations. First seen on techcrunch.com Jump to article: techcrunch.com/2025/11/07/washington-post-confirms-data-breach-linked-to-oracle-hacks/
-
Clop Ransomware Group Exploits New 0-Day Vulnerabilities in Active Attacks
The Clop ransomware group continues to pose a significant threat to enterprise organizations worldwide, with recent analysis revealing their exploitation of a critical zero-day vulnerability in Oracle E-Business Suite. Operating since early 2019, Clop has established itself as one of the most prolific and sophisticated ransomware gangs, amassing a victim count exceeding 1,025 organizations and…
-
Clop Ransomware Group Exploits New 0-Day Vulnerabilities in Active Attacks
The Clop ransomware group continues to pose a significant threat to enterprise organizations worldwide, with recent analysis revealing their exploitation of a critical zero-day vulnerability in Oracle E-Business Suite. Operating since early 2019, Clop has established itself as one of the most prolific and sophisticated ransomware gangs, amassing a victim count exceeding 1,025 organizations and…
-
Is Unsupported OpenJDK for Universities Good Enough?
Tags: oracleInstitutions wondering whether to pay Oracle must decide whether unsupported OpenJDK for universities is good enough. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/is-unsupported-openjdk-for-universities-good-enough/
-
U.S. CISA adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog
Tags: apple, cisa, cybersecurity, exploit, flaw, infrastructure, kev, oracle, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities (KEV) catalog. Dassault Systèmes DELMIA Apriso is a Manufacturing Operations Management (MOM) and Manufacturing Execution System (MES) platform.…
-
Oracle EBS Attack Victims May Be More Numerous Than Expected
Numerous organizations have been attacked via Oracle EBS zero-day CVE-2025-61882, and evidence suggests more like Schneider Electric could be on that list. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/oracle-ebs-attack-victims-more-numerous-expected
-
Palo Alto Networks Bets Big on Agentic AI
CEO Nikesh Arora: Next-Generation Security Play Ties Automation to Identity, Cloud. With new products set to launch, Palo Alto Networks is expanding its AI cybersecurity footprint. Chairman and CEO Nikesh Arora introduced the AgentiX platform, a retooled cloud approach, identity enhancements and a deal making Palo Alto the core security provider for Oracle Cloud. First…
-
Palo Alto Adds Agentic AI to Supercharge Security Automation
CEO Nikesh Arora: Next-Generation Security Play Ties Automation to Identity, Cloud. With new products set to launch, Palo Alto Networks is expanding its AI cybersecurity footprint. Chairman and CEO Nikesh Arora introduced the AgentiX platform, a retooled cloud approach, identity enhancements and a deal making Palo Alto the core security provider for Oracle Cloud. First…
-
Schneider Electric Opfer der Oracle E-Business Suite 0-day Schwachstelle CVE-2025-61882
Nutzer der Oracle Oracle E-Business Suite (EBS) werden seit Juli 2025 über eine erst am 4. Oktober 2025 gepatchte 0-day-Schwachstelle CVE-2025-61882 erfolgreich angegriffen. Inzwischen werden die Namen von Opfern bekannt. So ist Schneider Electric Opfer der Clop-Ransomware-Gruppe geworden, die die … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/10/24/oracle-e-business-suite-0-day-schwachstelle-cve-2025-61882/
-
Oracle Patchday Oktober 2025 – Leicht ausnutzbare Sicherheitslücken bei Oracle
Tags: oracleFirst seen on security-insider.de Jump to article: www.security-insider.de/oracle-patchday-oktober-2025-sicherheitsupdates-a-2bf5352891eaadfdea1f73384dde639a/
-
Oracle October 2025 Critical Patch Update Addresses 170 CVEs
Oracle addresses 170 CVEs in its final quarterly update of 2025 with 374 patches, including 40 critical updates. Background On October 21, Oracle released its Critical Patch Update (CPU) for October 2025, the fourth and final quarterly update of the year. This CPU contains fixes for 170 unique CVEs in 374 security updates across 29…
-
Oracle E-Business Suite Vulnerability Exploited In Ransomware Attacks
Tags: attack, business, cisa, cybersecurity, exploit, infrastructure, oracle, ransomware, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that a vulnerability impacting Oracle E-Business Suite customers has seen exploitation in ransomware attacks. First seen on crn.com Jump to article: www.crn.com/news/security/2025/cisa-oracle-e-business-suite-vulnerability-exploited-in-ransomware-attacks
-
CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw
CISA has confirmed that an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-confirms-hackers-exploited-oracle-e-business-suite-ssrf-flaw/
-
U.S. CISA adds Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities catalog
Tags: apple, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, oracle, update, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities (KEV) catalog. Oracle recently released an emergency patch to address an information disclosure flaw, tracked as CVE-2025-61884 (CVSS…
-
Envoy Air (American Airlines) Confirms Oracle EBS 0-Day Breach Linked to Cl0p
Envoy Air (American Airlines) confirms a breach by CL0P after they exploited the critical CVE-2025-61882 zero-day flaw in Oracle E-Business Suite. First seen on hackread.com Jump to article: hackread.com/envoy-air-american-airlines-oracle-ebs-0-day-breach-cl0p/
-
Envoy Air (American Airlines) Confirms Oracle EBS 0-Day Breach Linked to Cl0p
Envoy Air (American Airlines) confirms a breach by CL0P after they exploited the critical CVE-2025-61882 zero-day flaw in Oracle E-Business Suite. First seen on hackread.com Jump to article: hackread.com/envoy-air-american-airlines-oracle-ebs-0-day-breach-cl0p/
-
CISA Warns of Oracle E-Business Suite SSRF Vulnerability Actively Exploited in Attacks
Tags: attack, business, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, oracle, risk, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Oracle E-Business Suite vulnerability to its Known Exploited Vulnerabilities catalog after detecting active exploitation in the wild. The security flaw, tracked as CVE-2025-61884, poses significant risks to organizations running the widely-deployed enterprise resource planning software. Critical SSRF Flaw Requires Immediate Action CVE-2025-61884 is a…
-
Flawed Vendor Guidance Exposes Enterprises to Avoidable Risk
Oracle E-Business Suite customers received conflicting deployment guidance, leaving enterprises exposed a recent zero-day flaw, Andrew argues. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/oracle-s-flawed-waf-guidance-left-its-customers-vulnerable-to-ransomware-attack
-
Five New Exploited Bugs Land in CISA’s Catalog, Oracle and Microsoft Among Targets
Tags: business, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, oracle, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks.The security defect in question is CVE-2025-61884 (CVSS score: 7.5), which has been described as a First seen…
-
Erpressungsversuche laufen – Notfall-Patches für Oracle E-Business Suite
First seen on security-insider.de Jump to article: www.security-insider.de/hackergruppe-cl0p-angriff-oracle-zero-day-schwachstelle-cve-2025-61882-a-b9940b2111730979abd1c7dff0ad8ebf/
-
American Airlines subsidiary Envoy confirms Oracle data theft attack
Envoy Air, a regional airline carrier owned by American Airlines, confirms that data was compromised from its Oracle E-Business Suite application after the Clop extortion gang listed American Airlines on its data leak site. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/american-airlines-subsidiary-envoy-confirms-oracle-data-theft-attack/
-
American Airlines subsidiary Envoy confirms Oracle data theft attack
Envoy Air, a regional airline carrier owned by American Airlines, confirms that data was compromised from its Oracle E-Business Suite application after the Clop extortion gang listed American Airlines on its data leak site. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/american-airlines-subsidiary-envoy-confirms-oracle-data-theft-attack/
-
Regional airline Envoy Air confirms Oracle E-Business Suite compromise
The regional American airline Envoy Air confirmed that its IT system was impacted by a recent hacking campaign targeting Oracle E-Business Suite. First seen on therecord.media Jump to article: therecord.media/regional-airline-envoy-oracle
-
Harvard University Breached in Oracle Zero-Day Attack
The Clop ransomware group claimed responsibility for stealing the university’s data as part of a broader campaign against Oracle customers. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/harvard-breached-oracle-zero-day-attack
-
Oracle silently fixes zero-day exploit leaked by ShinyHunters
Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oracle-silently-fixes-zero-day-exploit-leaked-by-shinyhunters/