Stay informed on Oracle security updates, vulnerabilities, and best practices for safeguarding your data with our focused Information Security insights.
Search across headline titles and summaries.
Background for this topic.
Oracle in information security is not about the prophetic figure of ancient myths, but rather it pertains to a critical aspect of cyber security concerning Oracle Corporation's products, particularly its database management systems. Oracle databases are widespread in enterprise environments, storing a wealth of sensitive information that, if compromised, could lead to significant data breaches and financial losses.
Oracle security, therefore, encompasses the various measures and practices that protect Oracle database servers from unauthorized access, misuse, or attack. This includes securing the database from internal threats, like privileged user abuse, and external threats such as SQL injection attacks. It also involves ensuring the integrity, confidentiality, and availability of the data held within Oracle databases through a combination of technical controls, policies, and procedures. Vigilance in monitoring, patch management, and staying informed about the latest Oracle security updates and vulnerabilities are essential components of maintaining robust security for Oracle-based systems.
Weekly headline count for the current query.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Palo Alto Networks PAN-OS flaw, tracked as CVE-2024-21182 (CVSS score of 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2024-21182 flaw is an easily exploitable vulnerability affecting Oracle WebLogic […]
CISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks. [...]
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers -- including Apple, Google, Microsoft, Mozilla and Oracle -- fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases.
While drivers race to shave off seconds on the track, the team's IT and engineering staff are speeding up how they deliver security.
Also, Russian Signal Phishing, Iran-Linked Malware, Breaches in Spain and FranceThis week, Tycoon 2FA, Trio-Tech, messaging app spying and a ransomware broker sentenced. Iran-linked hackers. Mazda disclosed a breach. Oracle patched a flaw. North Korean actors weaponized VS Code, a Spanish port ransomware attack, a French teacher data breach and a healthcare firm victim surge.
Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study
Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution
Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.
Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992. [...]
The cloud security startup's platform translates and enforces security policies across AWS, Azure, Google Cloud, and Oracle using provider-native controls.
State news published a list of nearly 30 sites that could be targeted Iran has reportedly designated Amazon, Google, IBM, Microsoft, Nvidia, Oracle, and Palantir facilities as legitimate targets of retaliatory strikes, according to an Al Jazeera report citing Iran’s state-affiliated Tasnim news agency.…
Big Red says 'sovereign' platform supports decision-making and operational learning at sea Britain's Royal Navy is using Oracle Cloud edge infrastructure to operate AI-driven defenses on the aircraft carrier HMS Prince of Wales.…
Full Scope of Clop Ransomware Group's Oracle E-Business Suite Hits Still EmergingThe University of Phoenix is notifying 3.5 million individuals that their personal information was compromised in a data breach. The theft traces to the Clop ransomware group's supply-chain campaign against users of Oracle E-Business Suite, in which it wield two zero-day vulnerabilities.
LKQ confirmed that over 9000 individuals saw their personal data compromised because of the breach
Body confirms patient and staff details siphoned via Oracle EBS flaw as gang threatens to leak haul Barts Health NHS Trust has confirmed that patient and staff data was stolen in Clop's mass-exploitation of Oracle's E-Business Suite (EBS), and says it is now taking legal action in an effort to stop the gang publishing any of the snatched information.…
Barts Health NHS Trust has revealed itself to be the latest victim of Cl0p’s Oracle EBS campaign
Barts Health NHS Trust has announced that Clop ransomware actors have stolen files from a database by exploiting a vulnerability in its Oracle E-business Suite software. [...]
Skills Needed: Enterprise Architecture, Configuration and Vulnerability ManagementWhen a critical vulnerability surfaces in ERP systems such as the Oracle E-Business Suite flaw, attackers can go well beyond a single compromised server. The flaw exposed the need for cyber professionals who understand enterprise architecture, secure configuration and vulnerability interpretation.
The University of Phoenix (UoPX) has joined a growing list of U.S. universities breached in a Clop data theft campaign targeting vulnerable Oracle E-Business Suite instances in August 2025. [...]