ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed
A major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data.
Oracle develops databases, cloud services, and business software; vulnerabilities in these products can expose sensitive data and systems.
Search across headline titles and summaries.
Background for this topic.
Oracle is an enterprise technology ecosystem best known in security contexts for Oracle Database, along with Java, application servers, business applications, and cloud services. These products often process sensitive business and personal data, so the tag commonly covers vulnerabilities, insecure configurations, and security updates affecting Oracle software and its integrations.
Material risks include exposed database listeners or management interfaces, excessive privileges, weak authentication, SQL injection, and vulnerable components that may permit unauthorized queries or code execution. Practitioners should inventory Oracle versions and dependencies, apply relevant security updates through controlled testing, restrict network access, enforce least privilege and encryption, and monitor database activity. Advisories should be assessed against the exact product and release, exploit prerequisites, and available mitigations; unsupported versions may remain exposed to known flaws.
Weekly headline count for the current query.
A major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data.
While drivers race to shave off seconds on the track, the team's IT and engineering staff are speeding up how they deliver security.
Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.
The cloud security startup's platform translates and enforces security policies across AWS, Azure, Google Cloud, and Oracle using provider-native controls.
The exploitation of CVE-2025-61757 follows a breach of Oracle Cloud earlier this year as well as a recent extortion campaign targeting Oracle E-Business Suite customers.
Numerous organizations have been attacked via Oracle EBS zero-day CVE-2025-61882, and evidence suggests more like Schneider Electric could be on that list.
Oracle E-Business Suite customers received conflicting deployment guidance, leaving enterprises exposed a recent zero-day flaw, Andrew argues.
The Clop ransomware group claimed responsibility for stealing the university's data as part of a broader campaign against Oracle customers.
The infamous Clop gang has targeted a wide range of Oracle E-Business Suite customers using a newly disclosed zero-day vulnerability.
The bug allowed an attacker an easy way to compromise full suite of developer tools in Oracle Cloud Infrastructure.
eSIMs around the world may be fundamentally vulnerable to physical and network attacks because of a 6-year-old Oracle vulnerability in technology that underlies billions of cards.
The vulnerability, with a 9.9 CVSS score on a 10-point scale, results in different Cisco ISE deployments all sharing the same credentials as long as the software release and cloud platform remain the same.
The agency is recommending that organizations and individuals implement its recommendations to prevent the misuse of stolen data, though Oracle has yet to publicly do the same for its customers.
The database company said its Oracle Cloud Infrastructure (OCI) was not involved in the breach. And at least one law firm seeking damages is already on the case.
Although Oracle has denied its cloud infrastructure services were breached, security experts recommend Oracle customers independently verify if they were affected and take measures to reduce exposure to potential fallout.
Evidence suggests an attacker gained access to the company's cloud infrastructure environment, but Oracle insists that didn't happen.
A threat actor posted data on Breachforums from an alleged supply-chain attack that affected more than 140K tenants, claiming to have compromised the cloud via a zero-day flaw in WebLogic, researchers say.
An attacker is using the tool to deploy a cryptominer and the Tsunami DDoS bot on compromised systems.
Users of Oracle's ERP for Web storefronts might not be aware of a misconfiguration which could put customer data at risk of exposure.