Oracle Zero-Day Vulnerability

Cyber Security News by CyberSum.net

Published on October 6, 2025 at 09:00 AM

2 sources

Oracle has issued an urgent security alert for a critical zero-day vulnerability affecting Oracle E-Business Suite, allowing remote code execution without authentication, with a maximum CVSS 3.1 score of 9.8, indicating critical severity, and a security researcher has developed and released a Nuclei detection template to identify vulnerable Oracle E-Business Suite instances, which can be executed using the Nuclei vulnerability scanner, and organizations running affected Oracle E-Business Suite versions should prioritize patching as soon as possible.

Also Read

PassiveNeuron Cyberespionage Campaign Resurfaces with New Tactics

The PassiveNeuron cyberespionage campaign has re-emerged after a six-month hiatus, targeting government, financial, and industrial organizations with sophisticated malware. The campaign primarily exploits Microsoft SQL servers to gain initial access, leveraging vulnerabilities or brute-forcing credentials. Attackers deploy ASPX web shells and adapt their techniques to evade detection, using custom malware like Neursite and NeuralExecutor. The campaign's persistence and targeted nature highlight the need for robust SQL injection defenses and comprehensive web shell detection.

By Cyber Security News by CyberSum.netOctober 21, 2025 at 09:00 PM