News • Insights • Analysis
Oracle warned its corporate customers that there is a critical-rated vulnerability in its PeopleSoft software, which is used by large companies to manage payroll and human resources, a day after a cybercrime group took credit for abusing the flaw as Read More …
CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks – a scramble made more urgent by evidence that attackers may have been abusing the bug months before a fix Read More …
Harvard is investigating a data breach after a Russian-speaking cybercrime organization claimed it was preparing to release information stolen through a vulnerability in a software suite used by the University. Clop, an organization that extorts payments from companies to prevent Read More …
Oracle has patched a critical vulnerability in E-Business Suite that was actively exploited in data theft attacks by the Clop group. This is a zero-day vulnerability, registered as CVE-2025-61882, which allows remote code execution on affected systems without authentication. The Read More …
Oracle has released a security update to address a critical vulnerability in Oracle VM VirtualBox. Oracle VM VirtualBox is cross-platform virtualisation software. CVE-2025-30712 is an ‘improper access control’ vulnerability with a CVSSv3 score of 8.1 that affects the Oracle Virtualisation Read More …
Oracle is dealing with the fallout of a double data breach — one exposing patient data at US hospitals, and another raising concerns about its cloud security. Reports over the weekend suggest a breach at Oracle Health, formerly known as Read More …
Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information stolen. A crook late last week advertised on an online cyber-crime forum what was alleged to be Oracle Cloud customer security Read More …
Last year, FortiGuard Labs uncovered the 8220 Gang’s utilization of ScrubCrypt to launch attacks targeting exploitable Oracle WebLogic Servers. ScrubCrypt has been described as an “antivirus evasion tool” that converts executables into undetectable batch files. It offers several options to Read More …
Trend Micro researchers have recently observed malicious actors exploiting both recently disclosed and older Oracle WebLogic Server vulnerabilities to deliver cryptocurrency-mining malware. Oracle WebLogic Server is typically used for developing and deploying high-traffic enterprise applications on cloud environments and engineered Read More …
Enterprise software giant Oracle has released its April Critical Patch Update (CPU) advisory, which includes 520 fixes for security flaws. Critical Patch Updates are collections of security fixes for Oracle products, published quarterly. This update addresses security flaws in dozens Read More …
