Oracle has patched a critical vulnerability in E-Business Suite that was actively exploited in data theft attacks by the Clop group.
This is a zero-day vulnerability, registered as CVE-2025-61882, which allows remote code execution on affected systems without authentication. The flaw is located in the Concurrent Processing component of Oracle E-Business Suite, in the integration with BI Publisher. According to Oracle, the vulnerability has a CVSS score of 9.8. An attacker can exploit it via the network without a username or password, BleepingComputer reports.
Read more…
Source: Techzine News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Chaotic Eclipse strikes again with another worrying Windows security flaw
May 18, 2026
Threat actors could escalate privileges and gain SYSTEM access on a fully patched Windows 11 device thanks to an unpatched vulnerability which allegedly should have been fixed years ago, new reports have claimed. A researcher with the alias Chaotic Eclipse recently disclosed a Proof-of-Concept (PoC) exploit for a zero-day vulnerability they named “MiniPlasma”. In a new GitHub entry, ...
- Patch time for Cisco SD-WAN admins as vendor drops yet another make-me-admin zero-day
May 15, 2026
Cisco admins face emergency patch duty after Switchzilla disclosed a max-severity make-me-admin bug affecting Catalyst SD-WAN Controller and Manager. Switchzilla dropped an advisory for CVE-2026-20182 (10.0) on Thursday, saying that both components, formerly known as vSmart and vManage, were vulnerable in all deployment types, and that fixes were available. The bug allows unauthenticated remote attackers to bypass authentication and ...
- Another major Linux security issue uncovered – new Fragnesia flaw allows attackers to run malicious code as root
May 14, 2026
Security researchers have discovered a new vulnerability in the Linux kernel which could allow malicious actors to run code with elevated privileges, exposing systems to risk of data theft, malware deployment, and even full device takeover. The vulnerability is tracked as CVE-2026-46300, and was given a severity score of 7.8/10 (high). It’s nicknamed Fragnesia and is ...
- Over a million WordPress sites hit in plugin flaw — so patch now or face the consequences
May 14, 2026
A popular WordPress plugin with roughly a million active installations contained two vulnerabilities that could have allowed malicious actors to exfiltrate sensitive data, such as password hashes and other valuable information. Security researchers at Wordfence said they were tipped off by a researcher Rafie Muhammad about the existence of an Arbitrary File Read and an SQL Injection vulnerability in Avada ...
- Patch Tuesday
May 13, 2026
Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above. Windows Netlogon: critical RCE Anyone responsible for securing ...
- When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise
May 13, 2026
Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust. In April 2026, Rapid7 investigated an enterprise intrusion that began with a Microsoft Teams message from a fake “IT Support” account and quickly escalated into a full compromise chain involving ...