VulnHub

The article highlights the exploitation of CVE-2025-61757, which follows a breach of Oracle Cloud and an extortion campaign targeting Oracle E-Business Suite customers. This indicates a significant security threat that could impact numerous organizations relying on Oracle's services.

CISA has confirmed the exploitation of a vulnerability in Oracle Identity Manager, identified as CVE-2025-61757, which has been added to its Known Exploited Vulnerabilities catalog. This indicates a significant security risk for organizations using the affected systems, necessitating immediate attention to mitigate potential breaches.

Mazda has been identified as a victim of the Cl0p ransomware group's Oracle EBS campaign, but the company asserts that there has been no data leakage or operational impact from the incident. This situation highlights the ongoing threat posed by ransomware groups targeting enterprise systems.

Cox has confirmed a significant data breach involving Oracle EBS, with over 1.6 terabytes of data reportedly stolen and made public by cybercriminals. This incident highlights the severity of cybersecurity threats faced by organizations and the potential exposure of sensitive information for numerous alleged victims.

CISA has identified a critical security vulnerability in Oracle Identity Manager, classified as CVE-2025-61757, which is actively being exploited. This vulnerability involves missing authentication for a critical function, posing significant security risks.

A critical unauthenticated remote code execution vulnerability, identified as CVE-2025-61757, has been discovered in Oracle Identity Manager. This flaw poses significant risks as it may be exploited as a zero-day, allowing attackers to execute arbitrary code without authentication.

CISA has added CVE-2025-61757, a critical vulnerability in Oracle Fusion Middleware, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. This vulnerability poses significant risks to federal networks, prompting CISA to urge timely remediation by all organizations to mitigate potential cyberattacks.