Search results for oracle tools for business | Breaking Cybersecurity News | The Hacker News

If your business operations and security of sensitive data rely on Oracle's E-Business Suite (EBS) , make sure you recently updated and are running the latest available version of the software. In a report released by enterprise cybersecurity firm Onapsis and shared with The Hacker News, the firm today disclosed technical details for vulnerabilities it reported in its integrated group of applications designed to automate CRM, ERP, and SCM operations for organizations. The two vulnerabilities, dubbed " BigDebIT " and rated a CVSS score of 9.9, were patched by Oracle in a critical patch update (CPU) pushed out earlier this January. But the company said an estimated 50 percent of Oracle EBS customers have not deployed the patches to date. The security flaws could be exploited by bad actors to target accounting tools such as General Ledger in a bid to steal sensitive information and commit financial fraud. According to the researchers, "an unauthenticated hacker...

After a good year of sustained exuberance, the hangover is finally here. It's a gentle one (for now), as the market corrects the share price of the major players (like Nvidia, Microsoft, and Google), while other players reassess the market and adjust priorities. Gartner calls it the trough of disillusionment , when interest wanes and implementations fail to deliver the promised breakthroughs. Producers of the technology shake out or fail. Investment continues only if the surviving providers improve their products to the satisfaction of early adopters.  Let's be clear, this was always going to be the case: the post-human revolution promised by the AI cheerleaders was never a realistic goal, and the incredible excitement triggered by the early LLMs was not based on market success.  AI is here to stay  What's next for AI then? Well, if it follows the Gartner hype cycle, the deep crash is followed by the slope of enlightenment where the maturing technology regains its foo...

The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field. This recap cuts through the noise to share what really matters—key trends, warning signs, and stories shaping today's security landscape. Whether you're defending systems or just keeping up, these highlights help you spot what's coming before it lands on your screen. ⚡ Threat of the Week Oracle 0-Day Under Attack — Threat actors with ties to the Cl0p ransomware group have exploited a zero-day flaw in E-Business Suite to facilitate data theft attacks. The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network access via HTTP to compromise and take control of the Oracle Concurrent Processing component. In a post shared on LinkedIn, Charles Carmakal, CTO of Mandiant at Google Cloud, said "Cl0p exploited multiple vulnerabilities in Ora...

Set of must-have online security tools that we believe may make a real difference to your cybersecurity program and improve your 2021 budget planning. In September, Gartner published a  list  of "Top 9 Security and Risk Trends for 2020" putting a bold emphasis on the growing complexity and size of the modern threat landscape. Incomplete visibility of external Attack surfaces led to the dramatic increase in disastrous breaches and data leaks during 2020, compromising PII and other sensitive data of millions of victims. These incidents stemmed from sophisticated intrusions by malicious nation-state actors and APT hacking groups, human error, and widespread misconfigurations exposing unprotected cloud storage or databases with confidential data to the Internet. Gartner's security analysts recommend automating laborious security tasks and processes, amid the ongoing shortage of cybersecurity skills, and promptly addressing emerging cloud and containers security risks.  G...

Cybercrime has stopped being a problem of just the internet — it's becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors. The result is a global system where every digital weakness can be turned into physical harm, economic loss, or political leverage. Understanding these links is no longer optional — it's survival. For a full look at the most important security news stories of the week, keep reading. Hidden flaws resurface in Windows core Security Flaws in Windows GDI Details have emerged about three now-patched security vulnerabilities in Windows Graphics Device Interface (GDI) that could enable remote code execution and information disclosure. These issues – CVE-2025-30388 , CVE-2025-53766 , and CVE-2025-47984 – involve out-of-bounds memory access triggered through malformed e...

Even in well-secured environments, attackers are getting in—not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected. These attacks don't depend on zero-days. They work by staying unnoticed—slipping through the cracks in what we monitor and what we assume is safe. What once looked suspicious now blends in, thanks to modular techniques and automation that copy normal behavior. The real concern? Control isn't just being challenged—it's being quietly taken. This week's updates highlight how default settings, blurred trust boundaries, and exposed infrastructure are turning everyday systems into entry points. ⚡ Threat of the Week Critical SharePoint Zero-Day Actively Exploited (Patch Released Today) — Microsoft has released fixes to address two security flaws in SharePoint Server that have come under active exploitation in the wild to breach dozens of organizations across the world. Details of exploitation emer...

Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible instances. "Easily exploitable vulnerability allows low privileged attackers with network access via HTTP to compromise Oracle Agile PLM Framework," according to a description of the security hole in the NIST National Vulnerability Database (NVD). It's worth noting that Oracle warned of active exploitation attempts against another flaw in the same product (CVE-2024-21287, CVSS score: 7.5) in November 2024. Both vulnerabilities affect Oracle Agile PLM Framework version 9.3.6. "Customers are strongly advised to apply the January 2025 Critical Patch Update for Oracle Agile PLM Framework as it includes patche...

Every week, the cyber world reminds us that silence doesn't mean safety. Attacks often begin quietly — one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time alarms sound, the damage is done. This week's edition looks at how attackers are changing the game — linking different flaws, working together across borders, and even turning trusted tools into weapons. From major software bugs to AI abuse and new phishing tricks, each story shows how fast the threat landscape is shifting and why security needs to move just as quickly. ⚡ Threat of the Week Dozens of Orgs Impacted by Exploitation of Oracle EBS Flaw — Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, according to Google Threat Intelligence Group (GTIG) and Mandiant. The activity, which bears some hallmarks associated with the Cl0p ransomware crew, is assessed to have fashio...

Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior. Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far more dangerous than being alert. Here's how that false sense of security was broken again this week. ⚡ Threat of the Week Newly Patched Critical Microsoft WSUS Flaw Comes Under Attack — Microsoft released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability that has since come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant as part of its Patch Tuesday update published last week. According to Eye Security and Huntress, the security flaw is being weaponized to drop a .N...

Some of the biggest security problems start quietly. No alerts. No warnings. Just small actions that seem normal but aren't. Attackers now know how to stay hidden by blending in, and that makes it hard to tell when something's wrong. This week's stories aren't just about what was attacked—but how easily it happened. If we're only looking for the obvious signs, what are we missing right in front of us? Here's a look at the tactics and mistakes that show how much can go unnoticed. ⚡ Threat of the Week Apple Zero-Click Flaw in Messages Exploited to Deliver Paragon Spyware — Apple disclosed that a security flaw in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, CVE-2025-43200, was addressed by the company in February as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1. The Citizen Lab said it u...

This week has been crazy in the world of hacking and online security. From Thailand to London to the US, we've seen arrests, spies at work, and big power moves online. Hackers are getting caught. Spies are getting better at their jobs. Even simple things like browser add-ons and smart home gadgets are being used to attack people. Every day, there's a new story that shows how quickly things are changing in the fight over the internet. Governments are cracking down harder on cybercriminals. Big tech companies are rushing to fix their security. Researchers keep finding weak spots in apps and devices we use every day. We saw fake job recruiters on LinkedIn spying on people, huge crypto money-laundering cases, and brand-new malware made just to beat Apple's Mac protections. All these stories remind us: the same tech that makes life better can very easily be turned into a weapon. Here's a simple look at the biggest cybersecurity news happening right now — from the hidde...

Carrying reputation of being India's choicest and oldest hacker's conference, Team ClubHack proudly brings the 6th edition of ClubHack Hacking and Security Conference with more exciting activities. ClubHack 2012 hacker's convention will be held from Nov. 30th to Dec 3rd, 2012 in Pune, India. ClubHack in true sense is a community event and is always the most cost effective yet biggest security event of India. ClubHack 2012 is highly technical conference with 2 days of Technical Briefings and 2 days of hand-on training workshops. ClubHack2012 is loaded with more number of talks, more workshops and a special event HackNight. Event includes specialized hands-on training workshops for Network Admins, DBAs, Developers, Researchers, Architects, Managers, Govt. Agencies, Auditors and Students. For the first time ClubHack introduces a new event for hackers & developers – HackNight, a night where actual hackers spend time not to "break" into someone but to "make" something i...

Welcome to this week's Threatsday Bulletin —your Thursday check-in on the latest twists and turns in cybersecurity and hacking. The digital threat landscape never stands still. One week it's a critical zero-day, the next it's a wave of phishing lures or a state-backed disinformation push. Each headline is a reminder that the rules keep changing and that defenders—whether you're protecting a global enterprise or your own personal data—need to keep moving just as fast. In this edition we unpack fresh exploits, high-profile arrests, and the newest tactics cybercriminals are testing right now. Grab a coffee, take five minutes, and get the key insights that help you stay a step ahead of the next breach. Firmware fights back SonicWall Releases SMA 100 Firmware Update to Remove Rootkit SonicWall has released a firmware update that it said will help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices. "S...