ALL POSTS

Key Findings Oracle released an emergency patch for CVE-2026-21992, a critical remote code execution vulnerability in Identity Manager and Web Services Manager The flaw has a CVSS score of 9.8 and requires no authentication, allowing attackers to execute code over HTTP Affected versions are Identity Manager 12.2.1.4.0 and 14.1.2.1.0, plus Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0 Oracle classified the vulnerability as "easily exploitable" with low complexity No

Key Findings The Washington Post has notified nearly 10,000 current and former employees and contractors about a data breach that exposed their personal and financial information. The breach was linked to a zero-day vulnerability (CVE-2025-61884) in Oracle's E-Business Suite software, which was exploited by the Clop ransomware group between July 10 and August 22, 2025. The stolen data includes names, bank account numbers, routing numbers, Social Security numbers, and tax IDs.