
OpenAI Is Walking Away From Expanding Its Stargate Data Center With Oracle

OpenAI is reportedly backing away from expanding its AI data center partnership with Oracle because newer generations of Nvidia GPUs may arrive before the facility is even operational. CNBC reports: Artificial intelligence chips are getting upgraded more quickly than data centers can be built, a market reality that exposes a key risk to the AI trade and Oracle's debt-fueled expansion. OpenAI is no longer planning to expand its partnership with Oracle in Abilene, Texas, home to the Stargate data center, because it wants clusters with newer generations of Nvidia graphics processing units, according to a person familiar with the matter. The current Abilene site is expected to use Nvidia's Blackwell processors, and the power isn't projected to come online for a year. By then, OpenAI is hoping to have expanded access to Nvidia's next-generation chips in bigger clusters elsewhere, said the person, who asked not to be named due to confidentiality. In a post on X, Oracle called the reports "false and incorrect." However, it only said existing projects are on track and didn't address expansion plans. CNBC notes: "Oracle secured the site, ordered the hardware, and spent billions of dollars on construction and staff, with the expectation of going bigger."

Read more of this story at Slashdot.

Vulnerabilities grew like weeds in 2025, but only 1% were weaponized in attacks

Would-be attackers spent 2025 swimming in a sea of more than 40,000 newly published vulnerabilities, VulnCheck said in a report released Wednesday, but only 1% of those defects, just 422, were exploited in the wild.

As the deluge of vulnerabilities grows every year, and CVSS ratings lose significance for vulnerability management prioritization, some defenders are turning to research on known exploited vulnerabilities to narrow their scope of work and place more emphasis on verified risks. 

“The growth in CVE volume is ludicrous, not necessarily unfounded, but it’s large. Defenders don’t know what to pay attention to,” Caitlin Condon, vice president of security research at VulnCheck, told CyberScoop. “Prioritization is still a huge problem.”

Too many defenders and researchers are paying attention to defects and unsubstantiated exploit concepts that aren’t worth their time, Condon added. “The indicators of risk that used to be semi reliable, now no longer are.”

The technologies exploited by attackers are developed and sold by many repeat offenders. Some of the vendors on VulnCheck’s list of the most routinely targeted vulnerabilities enjoy large market shares.

Other vendors, especially those in the network edge device space, have been inundated with malicious activity for years and remain the preferred intrusion point for all attacks.

Network edge devices were responsible for 191 of the 672 products impacted by new known exploited vulnerabilities last year, representing 28% of the top targeted technologies in 2025, according to VulnCheck. 

“Anything that’s in that position of being at the network edge, guarding access to corporate networks, often in a privileged place for secure communication,” is naturally a large target, Condon said. 

This problem is exacerbated by the fact many network devices are running on code bases that haven’t been radically changed in about a decade. Meanwhile, attackers have copies of that software and use fully automated analysis pipelines to quickly identify new vulnerabilities.

“Threat actors are much more organized presently than we all collectively are on defense,” Condon said. Defenders have to assume there’s going to be a new zero-day in any network edge device at any time, and patches will be reversed for exploit development in short order, she added.

Each of the top 50 vulnerabilities VulnCheck flagged in its report was exploited in the wild last year with at least 20 working public exploits and attacks originating from at least two state-sponsored or cybercrime threat groups. The top exploited vulnerabilities were also linked to at least one ransomware variant and appeared in at least two instances of known botnet activity.

Four of the 10 most routinely targeted vulnerabilities last year — CVE-2025-53770 and CVE-2025-53771, which are variants of previously disclosed vulnerabilities CVE-2025-49706 and CVE-2025-49704 — were contained in Microsoft SharePoint. All four of the zero-day vulnerabilities were exploited en masse and initially compromised more than 400 organizations, including the Departments of Energy, Homeland Security and Health and Human Services.

VulnCheck confirmed a combined 69 known exploits for the quartet of SharePoint vulnerabilities. Researchers attributed the exploited vulnerabilities to a collective 29 threat groups and 18 ransomware variants, yet the attackers involved likely targeted more than one of the zero-days, resulting in some overlap.

Microsoft topped the list with nine of the 50 routinely targeted vulnerabilities appearing in its products last year. Ivanti was responsible for five, or 10% of the most targeted vulnerabilities last year. Fortinet ranked third on VulnCheck’s list with four vulnerabilities, followed by VMware with three, while SonicWall and Oracle each ranked high on the list with two exploited defects. 

The most targeted vulnerability of 2025 belongs to React2Shell, a maximum-severity defect in React Server Components that racked up 236 valid public exploits before the end of the year, less than a month after it was publicly disclosed by Meta and React. 

More than 200 of those public exploits were validated by VulnCheck by mid-December, as Palo Alto Networks Unit 42 confirmed more than 60 organizations were impacted by an initial wave of attacks.

VulnCheck’s research underscores that technology, ultimately in all of its forms, is the problem. 

“We are at a point here where we’re not talking about a single vendor or technology. We are talking about writ large, we are getting creamed. We’ve got to start assessing ruthlessly and immediately how technology needs to evolve to be more resilient to these attacks over the long term,” Condon said. 

“We need to start being much more realistic about the state of our tech and what that means for cybersecurity.”

The post Vulnerabilities grew like weeds in 2025, but only 1% were weaponized in attacks appeared first on CyberScoop.

University of Pennsylvania joins growing pool of Oracle customers impacted by Clop attacks

The University of Pennsylvania joined the steadily growing number of victim organizations impacted by the widespread data theft and extortion campaign involving a notorious ransomware group’s exploitation of a zero-day vulnerability and other defects in Oracle E-Business Suite earlier this year. 

The university filed a data breach notification in Maine Monday, confirming nearly 1,500 Maine residents were affected by an intrusion into its Oracle EBS environment over a three-day period in early August. 

The Ivy League school and dozens of other victims were not aware of the attack until Oracle acknowledged the critical vulnerability after members of the Clop ransomware group sent extortion emails to alleged victim organizations in late September. Attackers exploited multiple vulnerabilities to steal large amounts of data from several Oracle EBS customers in August, according to Mandiant.

The university said it determined some personal information was stolen from its Oracle EBS system on Nov. 11, but did not provide details about how many people were impacted and what type of data was stolen during the attack. 

“The University of Pennsylvania was one of nearly 100 already identified organizations simultaneously impacted by the widely exploited Oracle E-Business Suite incident, involving a previously unknown security vulnerability in Oracle’s system,” a spokesperson for the university said in a statement.

“Penn has implemented the patches that Oracle issued to resolve the vulnerability,” the spokesperson added. “Penn has found no evidence that any of this information has been or is likely to be publicly disclosed or misused for fraudulent purposes.”

Other Ivy League schools were impacted by the targeted attacks on Oracle EBS customers as well, including Dartmouth College and Harvard University. 

Dartmouth filed data breach disclosures in California and Maine last month confirming that its Oracle EBS environment was also compromised over a few days in August. Personal data exposed by the breach included names, Social Security numbers and financial account information, according to Dartmouth. 

Harvard University said it was investigating a data breach involving its Oracle EBS system in mid-October, noting at the time that a limited number of people in a small administrative unit were impacted. Harvard said it found no evidence of compromise to other systems. 

The pool of victim organizations impacted by the mass exploitation of vulnerabilities in Oracle EBS underscores the risk posed by interconnected and widely used systems.

Cox Enterprises last month said personal data on almost 10,000 people was exposed by an attack on its Oracle EBS environment, which it discovered in late September. The attack occurred during the same period as other victim organizations in August, the media and automotive company said in a data breach notification filed in California.

Logitech said it, too, was impacted by the widespread attacks on Oracle EBS customers. “The data likely included limited information about employees and consumers and data relating to customers and suppliers. Logitech does not believe any sensitive personal information, such as national ID numbers or credit card information, was housed in the impacted IT system,” the computer peripherals and software vendor said in a Nov. 20 regulatory filing.

Other previously confirmed victims include The Washington Post, Envoy Air and GlobalLogic.

Clop specializes in exploiting vulnerabilities in file-transfer services and has successfully intruded multiple technology vendors’ systems to steal massive amounts of data for extortion efforts. These attacks typically flow downstream, ensnaring organizations and people multiple layers removed from the initial targeted victims.

Clop infiltrated MOVEit environments in 2023, ultimately exposing data from more than 2,300 organizations, making it the largest and most significant cyberattack that year.

The post University of Pennsylvania joins growing pool of Oracle customers impacted by Clop attacks appeared first on CyberScoop.

Washington Post confirms data on nearly 10,000 people stolen from its Oracle environment

The Washington Post said it, too, was impacted by the data theft and extortion campaign targeting Oracle E-Business Suite customers, compromising human resources data on nearly 10,000 current and former employees and contractors.

The company was first alerted to the attack and launched an investigation when a “bad actor” contacted the media company Sept. 29 claiming they gained access to the company’s Oracle applications, according to a data breach notification it filed in Maine Wednesday. The Washington Post later determined the attacker had access to its Oracle environment from July 10 to Aug. 22. 

The newspaper is among dozens of Oracle customers targeted by the Clop ransomware group, which exploited a zero-day vulnerability affecting Oracle E-Business Suite to steal heaps of data. Other confirmed victims include Envoy Air and GlobalLogic.

The Washington Post said it confirmed the extent of data stolen during the attack on Oct. 27, noting that personal information on 9,720 people, including names, bank account numbers and routing numbers, and Social Security numbers were exposed. The company didn’t explain why it took almost a month to determine the amount of data stolen and has not responded to multiple requests for comment. 

Oracle disclosed and issued a patch for the zero-day vulnerability — CVE-2025-61882 affecting Oracle E-Business Suite — in a security advisory Oct. 4, and previously said it was aware some customers had received extortion emails. Mandiant, responding to the immediate fallout from the attacks, said Clop exploited multiple vulnerabilities, including the zero-day, to access and steal large amounts of data from Oracle E-Business Suite customer environments.

Oracle, its customers and third-party researchers were not aware of the attacks until executives of alleged victim organizations received extortion emails from members of Clop demanding payment in late September. Cynthia Kaiser, senior vice president of Halcyon’s ransomware research center, previously told CyberScoop ransom demands reached up to $50 million.

Clop’s data-leak site included almost 30 alleged victims as of last week. The notorious ransomware group has threatened to leak alleged victims’ data unless it receives payment. 

The ransomware group has intruded multiple technology vendors’ systems before, allowing it to steal data and extort many downstream customers. Clop specializes in exploiting vulnerabilities in file-transfer services and achieved mass exploitation in 2023 when it infiltrated MOVEit environments, ultimately exposing data from more than 2,300 organizations.

The post Washington Post confirms data on nearly 10,000 people stolen from its Oracle environment appeared first on CyberScoop.

Hitachi subsidiary GlobalLogic impacted by Clop’s attack spree on Oracle customers

GlobalLogic, a digital engineering and product design company, said it was impacted by a widespread data theft and extortion campaign linked to a zero-day vulnerability in Oracle E-Business Suite.

The company, which was acquired by Hitachi in 2021 and has a current customer base of nearly 600 clients, filed data breach notifications with authorities in California and Maine on Friday. GlobalLogic said the attack exposed human resources data on nearly 10,500 current and former employees. 

GlobalLogic is among many Oracle customers targeted by attackers aligned with the Clop ransomware group, which exploited a zero-day vulnerability affecting the enterprise platform to steal massive amounts of data as far back as July. John Hultquist, chief analyst at Google Threat Intelligence Group, previously told CyberScoop dozens of organizations were impacted.

GlobalLogic said it discovered the data breach Oct. 9 and, upon investigation, determined the initial breach occurred July 10. The most recent malicious activity occurred Aug. 20, the company said.

“This incident did not target or impact GlobalLogic’s systems outside our Oracle platform, and, based on industry reports, we are one of many Oracle customers believed to be impacted,” the company said in the notification letter sent to people impacted. GlobalLogic did not immediately respond to a request for comment.

Data exposed by the attack includes names, addresses, phone numbers, emergency contact information, email addresses, dates of birth, nationality, passport information, internal employee numbers, tax identifiers such as Social Security numbers, salary information, bank account details and routing numbers, according to GlobalData.

Upon discovering it was impacted, GlobalLogic said it immediately activated incident response procedures, notified law enforcement and engaged with third-party firms to assist with an investigation. “We also promptly applied software patches upon their release from Oracle to address the vulnerability,” the company said. 

Oracle disclosed and issued a patch for the zero-day vulnerability — CVE-2025-61882 affecting Oracle E-Business Suite — in a security advisory Oct. 4, and previously said it was aware some customers had received extortion emails.

The zero-day wasn’t the only problem confronting Oracle and its customers. Clop exploited multiple vulnerabilities, including the zero-day, in Oracle E-Business Suite to steal large amounts of data from several victims, according to Mandiant Consulting CTO Charles Carmakal. 

The significant lag time between when the attacks occurred and Oracle’s disclosure indicates Clop was breaking into and stealing data from Oracle E-Business Suite customers’ environments for months. Researchers were not aware of the attacks until executives of alleged victim organizations received extortion emails demanding payment. 

Clop’s ransom demands reached up to $50 million, according to Halcyon. “We have seen seven- and eight-figure demands thus far,” Cynthia Kaiser, senior vice president of Halcyon’s ransomware research center, told CyberScoop last month.

Clop’s data-leak site included almost 30 alleged victims as of last week. The notorious ransomware group has threatened to leak alleged victims’ data unless it receives payment. 

One of those named victims, Envoy Air, a subsidiary of American Airlines, confirmed it was impacted by the attack spree. 

“We have conducted a thorough review of the data at issue and have confirmed no sensitive or customer data was affected. A limited amount of business information and commercial contact details may have been compromised,” a spokesperson for Envoy Air said in a statement. 

GlobalLogic said it implemented Oracle’s recommended mitigation steps in the wake of the attack and took additional steps to improve its security.

The post Hitachi subsidiary GlobalLogic impacted by Clop’s attack spree on Oracle customers appeared first on CyberScoop.
