Oracle E-Business Suite was under attack via critical flaw before the public exploit code was even released
Attackers appear to have reverse-engineered Big Red's patch
Critical vulnerabilities can let attackers bypass security controls, compromise systems, or steal data, requiring urgent risk assessment and remediation.
Search across headline titles and summaries.
Background for this topic.
A critical vulnerability is a software or hardware flaw that allows attackers to execute highly damaging actions, such as remote code execution or privilege escalation, with little or no user interaction. These vulnerabilities often affect core system components or widely used services, making them attractive targets for exploitation. The severity rating "critical" indicates that successful exploitation can lead to full system compromise or significant operational disruption.
Security practitioners must prioritize identifying and patching critical vulnerabilities promptly to reduce exposure to automated attacks and wormable exploits. Effective mitigation includes applying vendor patches, deploying intrusion detection systems tuned for exploit patterns, and restricting network access to vulnerable services. Understanding the exploitability and impact scope of a critical vulnerability helps allocate resources efficiently and maintain system integrity under active threat conditions.
Attackers appear to have reverse-engineered Big Red's patch
Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments. A critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited in the wild, according to cybersecurity firm Defused Cyber. “CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being […]
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API
One critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal.
Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting Windows, macOS, and Linux. [...]
Attackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused. [...]
A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2