top of page
ALL POSTS
U.S. CISA Adds Critical Enterprise Software Vulnerabilities to Known Exploited Vulnerabilities Catalog
Key Findings CISA added Oracle PeopleSoft Enterprise PeopleTools vulnerability CVE-2026-35273 (CVSS 9.8) to its Known Exploited Vulnerabilities catalog following active exploitation by ShinyHunters CISA added Ivanti Sentry vulnerability CVE-2026-10520 (CVSS 10.0) to its Known Exploited Vulnerabilities catalog with a mandatory federal agency patching deadline of June 14, 2026 The Oracle flaw was exploited as a zero-day for nearly two weeks before vendor disclosure, affecting o
Jun 133 min read
ShinyHunters Exploits Oracle PeopleSoft Zero-Day to Breach 100+ Universities Worldwide
Key Findings ShinyHunters exploited CVE-2026-35273, a zero-day remote code execution vulnerability in Oracle PeopleSoft Enterprise PeopleTools rated 9.8/10, to breach over 100 organizations between May 27 and June 9 The vulnerability required only network access over HTTP with no authentication or user interaction, affecting any organization with Environment Management Hub endpoints exposed externally Approximately 68 percent of affected organizations were in higher education
Jun 113 min read
Oracle Releases Emergency Patch for Critical RCE Vulnerability CVE-2026-21992 in Identity Manager
Key Findings Oracle released an emergency patch for CVE-2026-21992, a critical remote code execution vulnerability in Identity Manager and Web Services Manager The flaw has a CVSS score of 9.8 and requires no authentication, allowing attackers to execute code over HTTP Affected versions are Identity Manager 12.2.1.4.0 and 14.1.2.1.0, plus Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0 Oracle classified the vulnerability as "easily exploitable" with low complexity No
Mar 222 min read
Data Theft Affects 10,000 Individuals Linked to Oracle, Washington Post Reports
Key Findings The Washington Post has notified nearly 10,000 current and former employees and contractors about a data breach that exposed their personal and financial information. The breach was linked to a zero-day vulnerability (CVE-2025-61884) in Oracle's E-Business Suite software, which was exploited by the Clop ransomware group between July 10 and August 22, 2025. The stolen data includes names, bank account numbers, routing numbers, Social Security numbers, and tax IDs.
Nov 14, 20252 min read
bottom of page
