Tag
#oracle
4 posts tagged #oracle.
-
Analysis · Jun 20, 2026 · Colten Anderson
ShinyHunters had 13 days inside PeopleSoft before Oracle said anything
CVE-2026-35273 is a CVSS 9.8 unauthenticated RCE in PeopleTools 8.61-8.62 that ShinyHunters exploited as a zero-day against 100+ organizations. The June 10 advisory arrived after the data was already on the leak site.
-
Analysis · May 20, 2026 · Colten Anderson
Your ERP is on the internet, and it's the system that cuts the checks
Security programs treat ERP as 'internal.' Oracle E-Business Suite exposes web modules to the internet by design, and CVE-2022-21587 turned one into unauthenticated code execution on the system that runs payroll, purchase orders, and the general ledger.
-
Analysis · May 5, 2026 · Colten Anderson
Oracle blamed its customers for a zero-day it hadn't patched
Oracle's first public statement during active Cl0p exploitation told customers the breach was their fault for not applying a patch that didn't exist. The correction came Saturday night, behind a paywall.
-
Analysis · May 5, 2026 · Colten Anderson
Cl0p chained an Oracle EBS SSRF into a mass extortion campaign. Your patch window is 21 days.
CVE-2025-61884 is a pre-auth SSRF in Oracle E-Business Suite that Cl0p weaponized into a full RCE chain hitting 100+ organizations. Here's what patching EBS actually looks like under a KEV deadline.