Oracle News Articles

CISA warns Oracle Identity Manager RCE flaw is being actively exploited

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning government agencies to patch an Oracle Identity Manager tracked as CVE-2025-61757 that has been exploited in attacks, potentially as a zero-day.

16 hours ago

Critical Oracle Identity Manager RCE flaw revealed, PoC published

Researchers published proof-of-concept code for authentication bypass and RCE in OIM.

16 hours ago

Oracle Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack

The group claims to have successfully breached the tech giant's internal systems using a critical zero-day vulnerability in Oracle E-Business Suite (EBS), designated as CVE-2025-61882.

1 day ago

Cl0p ransomware hacks Oracle exploiting Oracle's own EBS zero-day

Oracle becomes victim to its own E-Business Suite (EBS) zero-day after the Cl0p ransomware claims the company as a victim in the group's own Oracle-fueled hacking spree.

1 day ago

Clop Ransomware Claims Oracle Breach Using E-Business Suite 0-Day

The notorious Clop ransomware gang, has listed Oracle Corporation on its dark web leak site, claiming to have successfully breached the technology giant's internal systems.

1 day ago

Oracle Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack

The notorious Clop ransomware gang has listed Oracle on its dark web leak site, alleging a successful breach of the tech giant's internal systems.

2 days ago

Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day

A recently patched Oracle Identity Manager vulnerability tracked as CVE-2025-61757 may have been exploited as a zero-day.

2 days ago

Lessons from Oracle E-Business Suite Hack That Allegedly Compromises Nearly 30 Organizations Worldwide

A sophisticated cyberattack targeting Oracle E-Business Suite (EBS) customers has exposed critical vulnerabilities in enterprise resource planning systems, compromising an estimated 100 organizations worldwide between July and October 2025.

2 days ago

Cl0P Ransomware Group Allegedly Claims Breach of Entrust in Oracle 0-Day EBS Hack

The notorious Cl0P ransomware group has claimed responsibility for breaching digital security firm Entrust, exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS). The attack, tied to CVE-2025-61882, marks another high-profile victim in Cl0P’s relentless assault on organizatio...

1 week ago

Cl0P Ransomware Group Allegedly Claims Breach of Entrust in Oracle 0-Day EBS Hack

The notorious Cl0P ransomware group has claimed responsibility for breaching digital security firm Entrust, exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS). The attack, tied to CVE-2025-61882, marks another high-profile victim in Cl0P’s relentless assault on organizatio...

1 week ago

Washington Post confirms data on nearly 10,000 people stolen from its Oracle environment

The newspaper said a “bad actor” contacted the company in late September, prompting an investigation that nearly a month later confirmed the extent of compromise.

1 week ago

Hitachi subsidiary GlobalLogic impacted by Clop’s attack spree on Oracle customers

The digital engineering services firm said human resources data on nearly 10,500 current and former employees was exposed.

2 weeks ago

Allianz UK Joins Expanding List of Clop’s Alleged Oracle E-Business Suite Victims

The attackers gained access through the company's EBS system, which manages personal lines business, including home, car, pet, and travel insurance products.

2 weeks ago

List of Oracle EBS Attack Victims May Be Growing Longer

Evidence suggests that Schneider Electric and others may have fallen prey to zero-day CVE-2025-61882.

4 weeks ago

Harvard and Envoy Airlines Breached via Oracle’s E-Business Suite Zero-Day Vulnerability - CPO Magazine

Harvard University and Envoy, an American Airlines subsidiary, have confirmed data breaches linked to a zero-day vulnerability CVE-2025-61882 in Oracle’s E-Business Suite software.

4 weeks ago

Virtualbox 7.1.12 and 7.2.2: Vulnerability CVE-2025-62641 | Born's Tech and Windows World

[German]It has just been announced that Virtualbox 7.1.12 and 7.2.2 contain the CVE-2025-62641 vulnerability. This could allow attackers to take over the host. There are also other vulnerabilities in these...

1 month ago

Harvard Hit in Oracle Zero-Day Ransomware Attack

Harvard University has confirmed it was breached in a ransomware attack exploiting a critical zero-day vulnerability in Oracle's E-Business Suite (EBS), tracked as CVE-2025-61882. The Clop ransomware group...

1 month ago

CISA: Oracle vulnerability is being actively exploited

CISA forces federal organizations to install Oracle patch for actively exploited SSRF vulnerability. Oracle does not confirm exploitation.

US cyber agency adds 5 known exploited vulnerabilities to KEV listing

Multiple Apple products and Oracle’s E-Business Suite feature in CISA’s latest addition to the KEV catalogue.

CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw

CISA has confirmed that an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog.

U.S. CISA adds Oracle, Windows, Kentico, Apple flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Oracle, Windows, Kentico, and Apple vulnerabilities to its Known Exploited Vulnerabilities catalog.

CISA Confirms Exploitation of Latest Oracle EBS Vulnerability 

CISA has confirmed that an Oracle E-Business Suite (EBS) vulnerability CVE-2025-61884 has been exploited in the wild.

CISA Adds Microsoft, Oracle Vulnerabilities To KEV Catalog

CISA added Microsoft, Apple and Oracle vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog today. Here are the details.

Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets

CISA adds five exploited vulnerabilities, including Oracle, Microsoft, Kentico, and Apple flaws, requiring fixes by Nov 10, 2025.

Harvard says ‘limited number of parties’ impacted by breach linked to Oracle zero-day

Harvard University said a recent incident that is impacting Oracle E-Business Suite customers impacted a "limited number of parties associated with a small administrative unit."

Harvard University Confirms Data Breach Linked to Oracle Zero-Day Exploit

Harvard confirms breach tied to Oracle E-Business Suite zero-day flaw exploited by Clop ransomware. FBI urges urgent patching worldwide.

Harvard University Breached in Oracle Zero-Day Attack

The Clop ransomware group claimed responsibility for stealing the university's data as part of a broader campaign against Oracle customers.

Oracles silently fixes zero-day exploit leaked by ShinyHunters

Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group.

Oracle silently fixes zero-day exploit leaked by ShinyHunters

Oracle has silently fixed an Oracle E-Business Suite vulnerability (CVE-2025-61884) that was actively exploited to breach servers, with a proof-of-concept exploit publicly leaked by the ShinyHunters extortion group.

Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884

Oracle issued an emergency security update to address a new E-Business Suite (EBS) vulnerability tracked as CVE-2025-61884.

Oracle issues second emergency patch for E-Business Suite in two weeks

Information disclosure flaw, CVE-2025-61884, emerges weeks after zero-day attacks, raising questions about broader security issues in Oracle’s flagship ERP platform.

CVE-2025-61884 | Arctic Wolf

Oracle has released an emergency fix for a high-severity information disclosure vulnerability in Oracle E-Business Suite (EBS), tracked as CVE-2025-61884

Emergency patch for vulnerability in Oracle E-Business Suite

Oracle releases emergency patch for critical CVE-2025-61884 vulnerability in E-Business Suite that gives attackers access without authentication.

Oracle Fixes New E-Business Suite Flaw As CL0P Hits Harvard

While there is no connection to CL0P’s attacks on CVE-2025-61882, Oracle has rushed out a patch for a new E-Business Suite flaw, CVE-2025-61884.

Oracle releases emergency patch for new E-Business Suite flaw

Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited remotely by unauthenticated attackers.

CVE-2025-61884: Novel Oracle E-Business Suite  Vulnerability Enables Remote Theft of Sensitive Data Without Login | SOC Prime

Explore CVE-2025-61884 analysis, a new critical, easily exploitable Oracle EBS vulnerability, with the details on our SOC Prime blog.

Oracle E-Business Suite Flaw Enables Remote Code Execution and Data Theft

Oracle has issued a critical security alert for a severe vulnerability in its E-Business Suite platform that could allow attackers to execute remote code.

Oracle E-Business Suite Bug Enables Hacker Data Access Without Login

A recent security alert issued by Oracle has raised concerns over a vulnerability in its E-Business Suite. This flaw, designated as CVE-2025-61884, holds a CVSS score of 7.5, indicating a high level of severity. It impacts versions ranging from 12.2.3 to 12.2.14 of the software. Vulnerability Detail...

Oracle E-Business Suite RCE Vulnerability Exposes Sensitive Data to Hackers Without Authentication

Oracle has disclosed a critical vulnerability in its E-Business Suite that enables unauthenticated attackers to remotely access sensitive data, raising alarms for enterprises relying on the platform for core operations.

Oracle Patches EBS Vulnerability Allowing Access to Sensitive Data

Oracle patched another severe E-Business Suite (EBS) vulnerability that can be exploited to gain access to sensitive data.

New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login

Oracle warns of CVE-2025-61884 flaw in E-Business Suite enabling unauthorized data access.

Security Affairs newsletter Round 545 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter is out! Every week, the best security articles from Security Affairs in your email box

CVE-2025-61882 in Oracle E-Business Suite: Details, Next Steps

A critical security vulnerability CVE-2025-61882 has been identified in Oracle E-Business Suite, a widely used enterprise resource planning platform. Read now.

Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884) - Help Net Security

Oracle has revealed the existence of yet another remotely exploitable Oracle E-Business Suite vulnerability (CVE-2025-61884).

Week in review: Hackers extorting Salesforce, CentreStack 0-day exploited - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How to get better results from bug bounty programs

CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw

Oracle EBS zero-day CVE-2025-61882 exploited since August 2025; GTIG links campaign to Cl0p actors.

Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882) - Help Net Security

Researchers have analyzed the leaked scripts used by attackers to exploit CVE-2025-61882 on internet-facing Oracle ESB instances.

Cl0p Mass Exploiting Zero-day Vulnerability in Oracle E-Business Suite

A zero-day vulnerability in Oracle E-Business Suite is under active exploitation by the Cl0p ransomware group. The vulnerability is tracked as The Cl0p ransomware group is mass exploiting a zero day vulnerability in Oracle E-Business Suite. The vulnerability has been exploited in the wild since at l...