Find notable cyber news and cases, enriched with sources, timelines, and signals.

Oracle EBS zero-day exploitation wave (dozens of victims)

Exploitation Wave
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

A multi-victim Oracle E-Business Suite (EBS) exploitation wave is affecting dozens of victims, with the total possibly exceeding 100. The activity is tied to zero-day vulnerabilities in October 2025, signaling broad abuse of exposed Oracle EBS deployments. At this scale, the wave raises the risk of repeated compromise, downstream data theft, and extortion across multiple organizations.

Related Happenings

Oracle PeopleSoft broad zero-day exploitation campaign

Exploitation Wave
H score82 First: 29.06.2026 13:00 Last: 29.06.2026 13:00 Sources 1

About this happening: A **broad PeopleSoft zero-day exploitation campaign** exposed **multiple organizations** to compromise after attackers abused a **previously unknown Oracle PeopleSoft vulnerabilit...

ShinyHunters Oracle PeopleSoft data theft from 300 instances

Data Leak
H score46 First: 11.06.2026 22:39 Last: 11.06.2026 22:39 Sources 1

About this happening: The **ShinyHunters** data-leak event against **Oracle PeopleSoft** instances exposed data from **300 instances** across **100+ organizations**, expanding the risk of theft-driven...

Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)

Vulnerability
H score58 First: 11.06.2026 22:39 Last: 11.06.2026 22:39 Sources 1

About this happening: **Oracle PeopleSoft PeopleTools CVE-2026-35273** is a critical **zero-day RCE** affecting **PeopleSoft Enterprise PeopleTools 8.61 and 8.62**. Oracle released **emergency mitigati...

Latest development: 29.06.2026 23:40

Nissan says it suffered a data breach affecting current and former employees after attackers exploited an Oracle PeopleSoft zero-day associated with CVE-2026-35273. Oracle informed Nissan that personnel records of hundreds of companies may have been obtained and that Nissan was specifically targeted, with potentially exposed data including contact details, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary data for employees in the United States, Canada, Mexico, and Brazil.

ShinyHunters Oracle PeopleSoft data theft and extortion campaign

Campaign
H score60 First: 10.06.2026 21:31 Last: 10.06.2026 21:31 Sources 1

About this happening: **ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...

Latest development: 29.06.2026 23:40

Nissan says attackers exploited an Oracle PeopleSoft vulnerability in a ShinyHunters-linked campaign and that the company was specifically targeted, with personal information for current and former employees in the United States, Canada, Mexico, and Brazil potentially exposed. Nissan says the material may include employee contact information, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary information, and the company has activated incident response, engaged external cybersecurity experts, secured affected systems, and is working with Oracle.

Oracle WebLogic Server CVE-2026-21962 rapid exploitation wave

Exploitation Wave
H score59 First: 26.03.2026 18:00 Last: 26.03.2026 18:00 Sources 1

About this happening: **Oracle WebLogic Server** systems faced a rapid **CVE-2026-21962** exploitation wave after public exploit code appeared, creating immediate **RCE risk** for exposed servers. The...

Timeline

  1. 12.11.2025 17:30 1 articles · 7mo ago

    Oracle EBS exploitation observed

    Exploitation Observed

    Oracle confirmed that threat actors were likely exploiting vulnerabilities against Oracle E-Business Suite environments on October 2, 2025, indicating active abuse of a previously unknown zero-day path affecting exposed Oracle instances.

    Show sources
  2. 12.11.2025 17:30 1 articles · 7mo ago

    Oracle issues zero-day security advisory

    Mitigation Patch Update

    Oracle issued a security advisory on October 4, 2025 about a previously unknown zero-day exploit affecting Oracle E-Business Suite, establishing the vendor response that prompted customers to assess exposure and patch affected systems.

    Show sources
  3. 12.11.2025 17:30 1 articles · 7mo ago

    Data exfiltration confirmed from GlobalLogic Oracle instance

    Victim Impact Update

    GlobalLogic's investigation confirmed that data was exfiltrated from its Oracle environment on October 9, 2025, turning the Oracle E-Business Suite compromise into a confirmed data theft event affecting employee information.

    Show sources
  4. 12.11.2025 17:30 2 articles · 7mo ago

    GlobalLogic discloses Oracle EBS compromise to 10,471 people

    Initial Disclosure

    GlobalLogic notified 10,471 current and former employees that personal data from its Oracle E-Business Suite platform was compromised in a large-scale data extortion campaign, with exposed HR records including names, addresses, phone numbers, dates of birth, passport information, salary information, and bank account details.

    Show sources