Oracle E-Business Suite July 2025 Critical Patch Update

Security Patch Release
Happening score
H score 8
1 unique source, 1 article

Summary

Oracle's July 2025 Critical Patch Update delivered nine E-Business Suite patches and fixed roughly 200 vulnerabilities, including flaws that could be exploited remotely without authentication. The release covered multiple named CVEs and is significant because EBS is used by organizations handling sensitive enterprise data. It closed a mix of medium- and high-severity issues in Oracle's ERP platform.

Related Happenings

Microsoft Exchange CVE-2026-42897 mitigation advisory

Advisory/Mitigation
First: 15.05.2026 12:40 Last: 15.05.2026 12:40 Sources 1

About this happening: **Microsoft** issued immediate mitigation guidance for **CVE-2026-42897**, reducing risk for **Exchange Server 2016, 2019, and Subscription Edition (SE)** on-premises servers that...

Latest development: 15.05.2026 15:35

Microsoft issued temporary mitigation guidance for CVE-2026-42897 while a patch is still in development, recommending the Exchange Emergency Mitigation (EM) Service, which is enabled by default and can be checked with the Exchange Health Checker script, or the Exchange On-premises Mitigation Tool (EOMT) for disconnected or air-gapped environments. Microsoft noted that the mitigations can disrupt features such as OWA Print Calendar and Inline images, and that servers older than March 2023 cannot receive new mitigations through EM Service.

SAP May 2026 security updates for Commerce Cloud and S/4HANA (15 vulnerabilities)

Security Patch Release
First: 12.05.2026 14:04 Last: 12.05.2026 14:04 Sources 1

About this happening: **SAP** released its **May 2026 security updates** for **15 vulnerabilities** across **Commerce Cloud**, **S/4HANA**, and other products, including **two critical flaws** that can...

NIST CVE/NVD prioritization shift

Public Sector Action
First: 17.04.2026 00:47 Last: 17.04.2026 00:47 Sources 1

About this happening: **NIST** is **changing** its **CVE/NVD prioritization** so that, starting **April 15, 2026**, it will provide full details only for a **subset of CVEs**. The shift matters because...

Oracle security patch release for CVE-2026-21992

Security Patch Release
First: 21.03.2026 12:24 Last: 21.03.2026 12:24 Sources 1

About this happening: **Oracle** released **security updates** for **CVE-2026-21992**, a critical flaw in **Identity Manager** and **Web Services Manager** that could enable **unauthenticated remote co...

Rising zero-day exploitation across end-user and enterprise products in 2025

Target Trend
First: 05.03.2026 17:03 Last: 05.03.2026 17:03 Sources 1

About this happening: **Zero-day exploitation** stayed elevated in **2025**, with **90 actively exploited flaws** spread across **end-user platforms** and **enterprise products**. That matters because...

Timeline

  1. 03.10.2025 12:55 2 articles · 7mo ago

    Oracle confirms extortion emails targeting E-Business Suite customers

    Initial Disclosure

    Oracle confirmed that some E-Business Suite customers received extortion emails, and its investigation found the potential use of previously identified vulnerabilities addressed in the July 2025 Critical Patch Update. Google Threat Intelligence Group and Mandiant said executives at many organizations using Oracle’s E-Business Suite enterprise resource planning product received emails claiming the theft of sensitive information, with the messages sent from compromised accounts previously linked to FIN11 while claiming to come from Cl0p members.
