Oracle races to patch a another zero-day following rise in attacks

5 hours ago 8

Oracle looks into the future and sees support ending (Image credit: Future)

Oracle patched CVE-2025-61884, a critical unauthenticated E-Business Suite vulnerability
ShinyHunters allegedly exploited the flaw to steal sensitive corporate data from multiple organizations
This is Oracle’s second patch addressing exploit chains used in recent ransomware extortion campaigns

Oracle has patched yet another E-Business Suite vulnerability that was allegedly used by the ShinyHunters team to exfiltrate sensitive corporate data from numerous organizations.

Earlier this week, the company published a new security advisory, announcing a patch for CVE-2025-61884. This vulnerability, discovered in E-Business Suite, “is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password,” Oracle explained. “If successfully exploited, this vulnerability may allow access to sensitive resources.”

It affects versions 12.2.3-12.2.14, Oracle added, stressing that it “always recommends that customers remain on actively-supported versions and apply all Security Alerts and Critical Patch Update security patches without delay”.

Breaking the exploit chain

While the advisory does not mention ShinyHunters or the recent string of breaches, BleepingComputer confirmed, with the help of a few cybersecurity organizations, that the patch does in fact break the exploit chain used by the threat actors.

This is the second patch Oracle released to address flaws in E-Business Suite recently, both of which were allegedly used by threat actors to steal sensitive information.

In early October, executives at various businesses across the United States started receiving extortion emails, claiming to have been sent by ransomware actors known as Cl0p. At the time, Oracle claimed that the attackers were actually exploiting an n-day vulnerability that was patched a few months prior.

However, it soon backtracked and released a patch for CVE-2025-61882, a bug that allowed an unauthenticated attacker with HTTP network access to compromise, and fully take over, the Oracle Concurrent Processing component of E-Business Suite.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

In the meantime, other threat actors started targeting E-Business Suite users. Among them, ShinyHunters, notorious hackers part of the Scattered Lapsus$ Hunters collective, responsible for breaches at Qantas, Fujifilm, and others.

Now, with the second patch arriving, we will see if the holes are finally plugged.

Via BleepingComputer

Don't forget to take a look at our Windows 10 End of Life live updates here

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Oracle forced to rush out patch for zero-day exploited in attacks
Take a look at our guide to the best authenticator app
We've rounded up the best password managers

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article