Nissan Discloses Employee Data Breach Linked to Oracle Zero-Day
Nissan says employees' data was stolen via the Oracle PeopleSoft zero-day campaign
Oracle develops databases, cloud services, and business software; vulnerabilities in these products can expose sensitive data and systems.
Search across headline titles and summaries.
Background for this topic.
Oracle is an enterprise technology ecosystem best known in security contexts for Oracle Database, along with Java, application servers, business applications, and cloud services. These products often process sensitive business and personal data, so the tag commonly covers vulnerabilities, insecure configurations, and security updates affecting Oracle software and its integrations.
Material risks include exposed database listeners or management interfaces, excessive privileges, weak authentication, SQL injection, and vulnerable components that may permit unauthorized queries or code execution. Practitioners should inventory Oracle versions and dependencies, apply relevant security updates through controlled testing, restrict network access, enforce least privilege and encryption, and monitor database activity. Advisories should be assessed against the exact product and release, exploit prerequisites, and available mitigations; unsupported versions may remain exposed to known flaws.
Weekly headline count for the current query.
Nissan says employees' data was stolen via the Oracle PeopleSoft zero-day campaign
An attacker has exploited a zero day in Oracle Peoplesoft to gain access to the IT systems of the NAIC, the standard-setting association for the US federal insurance system
Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study
LKQ confirmed that over 9000 individuals saw their personal data compromised because of the breach
Barts Health NHS Trust has revealed itself to be the latest victim of Cl0p’s Oracle EBS campaign
The US cybersecurity agency has added the critical flaw to its Known Exploited Vulnerabilities list
GlobalLogic has notified 10,000 employees their data was stolen in the Oracle EBS campaign
GTIG highlighted indicators that Clop is behind the extortion campaign targeting Oracle EBS instances, with its activity likely beginning as early as August 9
A critical Oracle E-Business Suite vulnerability is being actively exploited by the Clop ransomware group
Patches for the targeted vulnerabilities were released in Oracle’s July 2025 security update
Critical flaws include those in Oracle Supply Chain products
ScrubCrypt malware obfuscates and encrypts applications to evade antivirus detection
The bug allows unauthenticated attackers with network access to compromise Oracle Access Manager
Potential attacks resulting from it may include privilege escalation and cross–tenant access