Tag

#oracle

2 posts tagged #oracle.

Analysis · May 5, 2026 · The Field Notes Desk

Oracle blamed its customers for a zero-day it hadn't patched

Oracle's first public statement during active Cl0p exploitation told customers the breach was their fault for not applying a patch that didn't exist. The correction came Saturday night, behind a paywall.
Analysis · May 5, 2026 · The Field Notes Desk

Cl0p chained an Oracle EBS SSRF into a mass extortion campaign. Your patch window is 21 days.

CVE-2025-61884 is a pre-auth SSRF in Oracle E-Business Suite that Cl0p weaponized into a full RCE chain hitting 100+ organizations. Here's what patching EBS actually looks like under a KEV deadline.