Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA adds five KEV flaws and sets FCEB remediation deadline

Public Sector Action
First reported
Last updated
Happening score
H score 41
2 unique sources, 2 articles

Summary

Hide ▲

CISA added CVE-2025-61884 in Oracle E-Business Suite to its Known Exploited Vulnerabilities (KEV) Catalog after confirming it is being actively exploited. The flaw is an unauthenticated SSRF in the Oracle Configurator runtime and is tied to July attacks and a leaked exploit associated with ShinyHunters and the Scattered Lapsus$ extortion group. Federal agencies must patch the issue by November 10, 2025. The same reporting distinguishes this activity from the separate CVE-2025-61882 campaign against /OA_HTML/SyncServlet, which is attributed to Clop.

Related Happenings

Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)

Vulnerability
H score58 First: 11.06.2026 22:39 Last: 11.06.2026 22:39 Sources 1

About this happening: **Oracle PeopleSoft PeopleTools CVE-2026-35273** is a critical **zero-day RCE** affecting **PeopleSoft Enterprise PeopleTools 8.61 and 8.62**. Oracle released **emergency mitigati...

Latest development: 29.06.2026 23:40

Nissan says it suffered a data breach affecting current and former employees after attackers exploited an Oracle PeopleSoft zero-day associated with CVE-2026-35273. Oracle informed Nissan that personnel records of hundreds of companies may have been obtained and that Nissan was specifically targeted, with potentially exposed data including contact details, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary data for employees in the United States, Canada, Mexico, and Brazil.

CISA KEV order for FCEB remediation of CVE-2026-50751

Public Sector Action
H score43 First: 09.06.2026 11:18 Last: 09.06.2026 11:18 Sources 1

About this happening: **CISA** ordered **Federal Civilian Executive Branch** agencies to secure **CVE-2026-50751**, forcing a rapid federal response to a flaw that can let attackers bypass authenticati...

CISA KEV order for SolarWinds Serv-U CVE-2026-28318

Public Sector Action
H score50 First: 06.06.2026 11:14 Last: 06.06.2026 11:14 Sources 1

About this happening: **CISA** added **CVE-2026-28318** affecting **SolarWinds Serv-U** to the **KEV catalog** and ordered **FCEB agencies** to remediate it by **June 19, 2026**. The directive expands...

Oracle WebLogic Server unauthenticated remote compromise flaw (CVE-2024-21182)

Vulnerability
H score59 First: 02.06.2026 15:40 Last: 02.06.2026 15:40 Sources 1

About this happening: **CVE-2024-21182** in **Oracle WebLogic Server** is **actively exploited** and can let a **network-access attacker** achieve **unauthenticated remote compromise**. The flaw affect...

CISA orders federal patching of Oracle WebLogic CVE-2024-21182

Public Sector Action
H score53 First: 02.06.2026 15:40 Last: 02.06.2026 15:40 Sources 1

About this happening: CISA ordered **federal agencies** to patch **Oracle WebLogic Server** against **CVE-2024-21182** by **June 4**, creating an immediate remediation deadline for affected government...

Timeline

  1. 20.10.2025 22:00 3 articles · 8mo ago

    CISA adds Oracle EBS flaw and four other bugs to KEV Catalog

    Legal Policy Action Update

    CISA added CVE-2025-61884 in Oracle E-Business Suite (EBS) and four other security flaws to the Known Exploited Vulnerabilities (KEV) Catalog, confirming that the Oracle Configurator SSRF bug was weaponized in real-world attacks and directing Federal Civilian Executive Branch (FCEB) agencies to remediate the listed vulnerabilities by November 10, 2025.

    Show sources