< ciso
brief />
Tag Banner

All news with #oracle tag

85 articles

Amazon RDS adds support for Oracle Database 26ai

🚀 Amazon RDS for Oracle now supports Oracle Database 26ai, Oracle's Long Term Support release, with integration to Amazon Bedrock providing access to foundation models such as Anthropic Claude, Amazon Nova, and Meta Llama. Oracle Database 26ai enables Select AI for generating and running SQL from natural language prompts and supports in-database RAG via Oracle AI Vector Search, avoiding the need for a separate vector store. The release also offers JSON Relational Duality Views and SQL Property Graphs and is available in Enterprise Edition across commercial and GovCloud regions.
read more →

Over 900 Oracle E-Business instances exposed online

🔒 Over 900 Oracle E-Business Suite (EBS) instances were found exposed online amid active attacks exploiting a critical File Transmission flaw in Oracle Payments (CVE-2026-46817). The vulnerability permits unauthenticated HTTP takeover, and Oracle released patches in its May 2026 Critical Security Patch Update, urging immediate remediation. Threat intelligence firm Defused reported active exploitation observed on honeypots, while Shadowserver noted roughly 950 exposed instances and the extent of patching remains unclear.
read more →

Critical Oracle E‑Business Suite Flaw Actively Exploited

🔒 A critical authentication and privilege-management vulnerability, tracked as CVE-2026-46817 (CVSS 9.8), affects Oracle Payments in E‑Business Suite versions 12.2.3 through 12.2.15 and has been observed under active exploitation. Patches were released in Oracle's last Critical Security Patch Update, but Defused Cyber reported exploitation against their honeypots and noted no prior public PoC. Details about the attack method, attribution, and campaign scope remain unknown, while experts urge rapid incident response and patching.
read more →

Nissan reports employee data breach after PeopleSoft zero-day

🔒 Nissan has disclosed a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability tied to a wider campaign. The automaker says the incident may have exposed contact, financial, tax, and identification details and impacts employees in the US, Canada, Mexico, and Brazil. Nissan has engaged external cybersecurity experts, restricted certain payroll functions, and will offer monitoring services to affected individuals while working with Oracle on remediation.
read more →

NAIC Confirms PeopleSoft Breach Exposes Credit Data

🔒 The US National Association of Insurance Commissioners (NAIC) disclosed a security breach detected on June 11 and revealed on June 17 that an unauthorized actor exploited a zero-day in Oracle PeopleSoft to access parts of its environment. The attacker obtained and published some statutory financial reporting and credit rating agency data, and possibly routine technical files. NAIC says personal, payment, and several regulatory system records were not compromised and operations are largely restored.
read more →

AWS launches EC2 U7in-24TB in Seoul region

🚀 Amazon EC2 High Memory U7in-24TB instances (u7in-24tb.224xlarge) are now available in the AWS Asia Pacific (Seoul) region. These 7th-generation U7i instances use custom Intel Sapphire Rapids CPUs and provide 24 TiB of DDR5 memory, 896 vCPUs, up to 200 Gbps network, and 100 Gbps EBS bandwidth to accelerate in-memory workloads. U7i offers up to 45% better price performance over prior U-1 instances and is suited for mission-critical databases like SAP HANA, Oracle, and SQL Server.
read more →

Oracle issues 245 high-priority security fixes

🔒 Oracle released a Critical Security Patch update containing 245 fixes for supported on-premises products, including Enterprise Manager, JD Edwards, Fusion Middleware, MySQL and PeopleSoft. The update provides targeted, high-priority fixes outside the quarterly cadence to reduce disruption and speed remediation. Several patches address remote, unauthenticated exploits—most notably in WebLogic Server, Oracle Coherence and PeopleSoft—some of which are already actively exploited or present immediate risk. Vendors and analysts warn that the scale and placement of these flaws, especially in Fusion Middleware components nearing end of support, create significant control-plane and pivot risks.
read more →

Oracle Autonomous AI Database Serverless on AWS

🛠️ Oracle Autonomous AI Database Serverless (ADB-S) is now available on Oracle Database@AWS through AWS Marketplace with Bring Your Own License and License Included options. ADB-S runs on Exadata infrastructure as a fully managed service that automates patching, tuning, scaling, backups, and high availability. It supports four workload types—AI Transaction Processing, AI Lakehouse, AI JSON Database, and Oracle APEX—with independent compute and storage scaling. Integrations include AWS KMS for encryption, Amazon CloudWatch for monitoring, and Amazon EventBridge for events.
read more →

Amazon EC2 U7i-8TB high memory instances in Paris

🔥 Amazon EC2 High Memory U7i-8TB instances (u7i-8tb.112xlarge) are now available in the AWS Europe (Paris) region. These 7th-generation U7i instances are powered by custom 4th-generation Intel Xeon Scalable (Sapphire Rapids) processors and provide 8 TiB of DDR5 memory for scaling transaction processing throughput. They deliver 448 vCPUs, up to 100 Gbps EBS and network bandwidth, ENA Express, and up to 45% better price performance versus U-1 instances. U7i instances are targeted at mission-critical in-memory databases such as SAP HANA, Oracle, and SQL Server.
read more →

ShinyHunters exploited Oracle PeopleSoft zero‑day

🔒 The ShinyHunters extortion group exploited an unpatched Oracle PeopleSoft remote code execution zero‑day (CVE-2026-35273) to compromise enterprise servers, steal data, and extort victims. Mandiant links the activity to UNC6240 and observed attacks from May 27 to June 9, before Oracle published its advisory on June 10. The flaw requires no authentication and exposes PeopleTools 8.61 and 8.62 installations with externally reachable Environment Management Hub endpoints. Universities were heavily targeted; mitigations focus on disabling or blocking PSEMHUB and hunting for post‑exploit indicators.
read more →

Oracle mitigates PeopleSoft zero-day used in data theft

🔔 Oracle warns of a critical PeopleSoft Suite zero-day, CVE-2026-35273, enabling unauthenticated remote code execution and carrying a CVSS 9.8 score. The flaw impacts PeopleSoft PeopleTools versions 8.61 and 8.62; Oracle released emergency mitigations and plans a patch. Threat actor ShinyHunters is linked to active exploitation and large-scale data theft across hundreds of instances. Administrators are urged to review logs and block identified IPs to assess compromise.
read more →

ShinyHunters Target Oracle PeopleSoft Instances

🛡️ ShinyHunters are actively stealing data from Oracle PeopleSoft instances, claiming breaches across 300 instances at over 100 organizations. The actor says they used a mix of old and zero-day vulnerabilities in a "gadget chain," with many victims in the education sector. Exposed tooling, scripts, and IOCs were found in online directories, and impacted organizations are urged to check logs and begin incident response immediately.
read more →

Two-year-old Oracle WebLogic flaw now actively exploited

🔒 US federal agencies were ordered to patch a two-year-old high-severity Oracle WebLogic Server vulnerability, CVE-2024-21182, after its addition to CISA’s Known Exploited Vulnerabilities catalog. The flaw affects supported versions 12.2.1.4.0 and 14.1.1.0.0 and was patched by Oracle in the July 2024 CPU. Security experts note that inclusion in the KEV indicates active weaponization and highlight persistent slow patching across organizations as a key risk.
read more →

CISA Adds Oracle WebLogic CVE-2024-21182 to KEV

🔒 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Oracle WebLogic vulnerability, CVE-2024-21182 (CVSS 7.5), to its Known Exploited Vulnerabilities Catalog after evidence of active exploitation. The flaw permits unauthenticated network attackers to compromise servers via T3 and IIOP protocols and was patched by Oracle in July 2024. Federal agencies are urged to apply fixes by June 4, 2026, to protect critical data and systems.
read more →

CISA orders federal patch for WebLogic zero-day

🛡️ The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to patch an actively exploited Oracle WebLogic vulnerability, CVE-2024-21182, by June 4 under BOD 22-01. The flaw affects Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 and enables unauthenticated remote compromise via T3/IIOP. Shodan reports over 1,592 exposed and vulnerable WebLogic instances, and CISA urges all organizations to apply vendor mitigations or discontinue use if fixes are unavailable.
read more →

Oracle launches monthly Critical Security Patch Update

🔒 Oracle has issued its first monthly Critical Security Patch Update (CSPU), addressing 35 vulnerabilities that require more urgent attention than quarterly releases. The batch includes 11 critical, 18 high, and 6 medium severity flaws, with several affecting Oracle REST Data Services, Oracle E-Business Suite, and Oracle Payments. Some older supply-chain bugs have public proof-of-concept exploits, increasing patching urgency.
read more →

Amazon RDS for Oracle adds April 2026 RU and SPB

🔔 Amazon RDS for Oracle now supports the Oracle April 2026 Release Update (RU) for 19c and 21c and the Supplemental Patch Bundle (SPB) for 19c. The SPB, formerly the Oracle Spatial Patch Bundle, contains additional patches for targeted features such as Oracle Spatial, Data Pump, and GoldenGate. You can apply the RU or SPB via the RDS Console, SDK, or CLI and enable Automatic Minor Version Upgrade or use AWS Organizations rollout policies to stagger updates across environments.
read more →

Oracle Database@AWS expands to twenty AWS regions

🟢 Oracle Database@AWS is now generally available in eight additional AWS Regions — Zurich, Milan, Spain, Paris, Osaka, Singapore, Melbourne, and Sao Paulo — enabling customers to access OCI-managed Oracle Exadata systems from within AWS data centers. This expansion brings the service to twenty regions total, supporting migrations of on-premises Oracle Exadata and Oracle RAC workloads and meeting in-region data residency requirements. Customers can request a private offer from Oracle via the AWS Marketplace and configure databases through the AWS Management Console.
read more →

Oracle moves to monthly security patches to counter AI

🔔 Oracle will issue monthly Critical Security Patch Updates (CSPUs) for its ERP, database and other software, shifting from a quarterly cadence to address faster AI-driven vulnerability discovery. The first monthly CSPU will arrive May 28, then releases will follow on the third Tuesday of each month (June 16, July 21, August 18). Oracle will still publish a cumulative quarterly Critical Patch Update and will auto-apply fixes for customers in Oracle-managed cloud environments. The change primarily affects customers running Oracle software on premises or in third-party hosting.
read more →

Oracle AI Database@Google Cloud: Enabling Agentic AI

🧭 Oracle AI Database@Google Cloud brings Oracle's mission-critical databases natively into Google Cloud to enable direct pipelines from enterprise records to the AI layer. The announcement expands regional availability, introduces an Oracle AI Database Agent for Gemini interaction, and integrates with Database Center, Knowledge Catalog, OCI GoldenGate, and VPC Service Controls. These features aim to lower latency, simplify governance, and make Oracle data actionable for agentic AI workflows.
read more →