CyberSecurityBoard
Sponsor Register Login

Hackers exploit flaws in Oracle EBS to steal data

Recent cyberattacks have exploited critical vulnerabilities in Oracle E-Business Suite (EBS), allowing hackers to steal sensitive data. Oracle EBS, widely used by enterprises for business process management, has been targeted due to flaws that enable unauthorized access and data exfiltration. These vulnerabilities pose significant risks to organizations relying on Oracle's software for financials, supply chain, and human resources management. Attackers leverage these security gaps to infiltrate networks, extract confidential information, and potentially disrupt operations. The cybersecurity community urges immediate patching and enhanced monitoring to mitigate these threats. This article explores the nature of the vulnerabilities, the methods used by attackers, and best practices for securing Oracle EBS environments against such exploits.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Fri, 03 Oct 2025 11:00:27 +0000


Cyber News related to Hackers exploit flaws in Oracle EBS to steal data

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 year ago Aws.amazon.com
Hackers exploit flaws in Oracle EBS to steal data - Recent cyberattacks have exploited critical vulnerabilities in Oracle E-Business Suite (EBS), allowing hackers to steal sensitive data. Oracle EBS, widely used by enterprises for business process management, has been targeted due to flaws that enable ...
2 months ago Infosecurity-magazine.com CVE-2023-21839 CVE-2023-21840
Oracle EBS Attack Victims More Numerous Than Expected - Oracle E-Business Suite (EBS) vulnerabilities have led to a surge in cyberattacks, with victims far exceeding initial estimates. This article delves into the recent findings that reveal a broader impact of these attacks on organizations using Oracle ...
2 months ago Darkreading.com CVE-2023-21839 CVE-2023-21840
CVE-2016-0635 - Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, ...
6 years ago
NCSC Urges Patch for Critical Oracle E-Business Suite Flaw - The UK's National Cyber Security Centre (NCSC) has issued an urgent advisory to patch a critical vulnerability in Oracle E-Business Suite (EBS). This flaw, identified as CVE-2023-21839, allows remote attackers to execute arbitrary code, posing a ...
2 months ago Infosecurity-magazine.com CVE-2023-21839
Oracle patches EBS zero-day exploited in Clop data theft attacks - Oracle has released critical security patches addressing a zero-day vulnerability in its E-Business Suite (EBS) software, which has been actively exploited by the Clop ransomware group. This vulnerability allowed attackers to gain unauthorized access ...
2 months ago Bleepingcomputer.com CVE-2023-21839 Clop
Oracle’s First Security Update for 2023 Includes 327 New Patches - Oracle has released its first security update of 2023, delivering 327 new security fixes and patching a range of critical vulnerabilities. This update covers products spanning across Oracle’s Cloud portfolio, Fusion Middleware, Hyperion, E-Business ...
2 years ago Securityweek.com
Oracle says "obsolete servers" hacked, denies cloud breach - BleepingComputer has also separately confirmed with multiple Oracle customers that samples of the leaked data (including associated LDAP display names, email addresses, given names, and other identifying information) received from the threat actor ...
8 months ago Bleepingcomputer.com
Discovering SSRF Flaws in Microsoft Azure Services - Microsoft Azure is an incredibly popular cloud computing platform and its services are used around the world. Recently, security researchers uncovered several Server-Side Request Forgery (SSRF) flaws in many of Microsoft Azure’s services. This type ...
2 years ago Securityaffairs.com
Oracle privately confirms Cloud breach to customers - This comes after a threat actor (known as rose87168) put up for sale 6 million data records on BreachForums on March 20 and released multiple text files containing a sample database, LDAP information, and a list of the companies as proof that the ...
8 months ago Bleepingcomputer.com
Oracle privately confirms Cloud breach to customers - This comes after a threat actor (known as rose87168) put up for sale 6 million data records on BreachForums on March 20 and released multiple text files containing a sample database, LDAP information, and a list of the companies as proof that the ...
8 months ago Bleepingcomputer.com
CVE-2017-9278 - The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS logs containing the driver authentication password, potentially disclosing this to attackers able to read the EBS tables. ...
6 years ago
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
2 years ago Hackread.com
Oracle Confirms that Hackers Broke Systems & Stole Client Login Credentials  - When reports first emerged in March of a threat actor attempting to sell 6 million data records allegedly stolen from Oracle Cloud infrastructure, the company insisted: “There has been no breach of Oracle Cloud. Oracle staff informed select ...
8 months ago Cybersecuritynews.com
North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
2 years ago Therecord.media
Over 1,450 pfSense servers exposed to RCE attacks via bug chain - Roughly 1,450 pfSense instances exposed online are vulnerable to command injection and cross-site scripting flaws that, if chained, could enable attackers to perform remote code execution on the appliance. PfSense is a popular open-source firewall ...
2 years ago Bleepingcomputer.com CVE-2023-42325 CVE-2023-42327 CVE-2023-42326
Oracle Health breach compromises patient data at US hospitals - In a notice sent to impacted customers and seen by BleepingComputer, Oracle Health said it became aware of a breach of legacy Cerner data migration servers on February 20, 2025. Oracle Health has not yet publicly disclosed the incident, but in ...
9 months ago Bleepingcomputer.com
Vulnerability Summary for the Week of January 15, 2024 - This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13 This vulnerability was reported via the GitHub Bug Bounty program. Successful attacks require human interaction from a ...
1 year ago Cisa.gov
Penetration Testing for Sensitive Data Exposure in Enterprise Networks: Everything You Need to Know! - The amount of data enterprises store is much bigger than SMBs. A lot of this data includes sensitive information of customers and clients such as bank details, social security numbers, emails, contact numbers, etc. For those new to data security, ...
2 years ago Securityboulevard.com
CVE-2025-30698 - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; ...
8 months ago
Building a Sustainable Data Ecosystem - Finally, I outline future research and policy refinement directions, advocating for a collaborative and responsible approach to building a sustainable data ecosystem in generative AI. In recent years, generative AI has emerged as a transformative ...
1 year ago Feeds.dzone.com
Why Have Big Cybersecurity Hacks Surged in 2023? - Payments made to hackers who hold systems hostage for ransom increased by almost half through September, according to blockchain analytics firm Chainalysis Inc., totaling almost $500 million in payouts. In just the past few months, hackers have ...
2 years ago Bloomberg.com LockBit
Data Classification: Your 5 Minute Guide - Data classification has become a vital component of data security governance. With the rise of virtual data networks, organizations must take necessary measures to protect and secure confidential information. Data classification is the process of ...
2 years ago Tripwire.com
Holiday Hackers: How to Safeguard Your Service Desk - Hackers really don't take holidays, but they will take advantage of them. Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems. Recovering accounts because of forgotten passwords is one of the ...
2 years ago Bleepingcomputer.com
Decoding the data dilemma: Strategies for effective data deletion in the age of AI - Businesses today have a tremendous opportunity to use data in new ways, but they must also look at what data they keep and how they use it to avoid potential legal issues. Forrester predicts a doubling of unstructured data in 2024, driven in part by ...
1 year ago Venturebeat.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)