Skip to main content
FreeIntelHub
Feed Threat Feed Search Trending
Intelligence CVE Priority Vulnerability IOC Lookup IOC Feed YARA Rules Phishing Lookup Exploit Lookup Pastes Dark Web
Adversaries Threat Groups Software Campaigns
Explore Dashboard Geo Map Heatmap MITRE ATT&CK
Browse Sources Vendors Categories Sectors
RSS API
FreeIntelHub
/
Sign In

Oracle

20 articles

SC Media Zero-Day Oracle Jun 26

NAIC confirms cyberattack after ShinyHunters claims 3.1TB data theft

The attack exploited a zero-day vulnerability in Oracle PeopleSoft, an enterprise resource planning software.

T1041

SC Media →

GBHackers Malware Oracle GitHub Jun 26

Mini Shai-Hulud Worm Poisons LeoPlatform npm Packages to Steal Developer and CI/CD Secrets

A fresh supply-chain wave tied to the Mini Shai-Hulud, Miasma, and Hades malware families is actively poisoning npm packages in the LeoPlatform and RStreams ...

GBHackers →

Schneier on Security Malware Oracle Jun 24

Embedding Forbidden Text in Spyware to Discourage AI Analysis

At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The...

T1059 T1598

Schneier on Security →

Zero Day Initiative CVE Oracle Jun 24

ZDI-26-362: Oracle VirtualBox VMSVGA Stack-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to...

T1548 T1068 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Oracle Jun 24

ZDI-26-389: Oracle PeopleSoft ExecuteProcessActivityCommand External Control of File Path Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle PeopleSoft. Although authentication is required to e...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Oracle Jun 24

ZDI-26-388: Oracle PeopleSoft HubMBeanPersistance Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle PeopleSoft. Although authentication is required to e...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Oracle Jun 24

ZDI-26-387: Oracle PeopleSoft HttpListeningConnector Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Oracle PeopleSoft. Authentication is not r...

1 IOC

Zero Day Initiative →

Information Security Buzz Zero-Day Oracle Jun 19

ShinyHunters targets Oracle PeopleSoft customers through critical zero-day

Oracle has issued a security alert to customers about a critical vulnerability affecting PeopleSoft environments after the notorious threat actor ShinyHunter...

1 IOC

Information Security Buzz →

GBHackers Campaigns Oracle Jun 19

SmartApeSG Hackers Abuse Okendo Reviews Widget in E-Commerce Supply Chain Attack

A supply-chain style compromise in the Okendo Reviews widget that enabled the SmartApeSG threat actor to deliver staged JavaScript loaders across a wide e-co...

T1195

GBHackers →

CSO Online Advisory Oracle Jun 19

Oracle releases 245 new security patches, all rated ‘high-priority security’

The Oracle Critical Security Patch update (CSPU) released this week contains 245 newly-announced fixes for supported on-premises software, some of which impa...

CSO Online →

Qualys Blog Advisory Oracle Jun 18

Oracle Critical Patch Update, June 2026 Security Update Review

Oracle released its third quarterly edition of this year’s Critical Patch Update. The update received patches for 245 security vulnerabilities.

Qualys Blog →

Schneier on Security Malware Oracle Jun 18

Embedding Forbidden Text in Spyware to Discourage AI Analysis

At least one malware developer is adding text about nuclear and biological weapons to their spyware, in an effort to stop automatic AI analysis. Details: The...

T1059 T1598

Schneier on Security →

Tenable Blog CVE Oracle Jun 18

Oracle June 2026 Critical Security Patch Update Addresses 243 CVEs (CVE-2026-35273)

Oracle addresses 243 CVEs in its June 2026 Critical Security Patch Update with 245 patches, including 122 critical updates. Key Takeaways The June 2026 Criti...

1 IOC

Tenable Blog →

SecurityWeek Advisory Oracle Jun 17

Oracle’s Second Monthly Security Updates Deliver 245 Patches 

Oracle has released its June 2026 Critical Security Patch Update to fix vulnerabilities in Communications, EBS, Enterprise Manager and other products. The po...

SecurityWeek →

The Hacker News Supply Chain Oracle Intel Jun 17

144 Mastra npm Packages Compromised via Hijacked Contributor Account

As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artifi...

T1195

The Hacker News →

GBHackers Ransomware Oracle Jun 17

CISA Issues Alert on Oracle PeopleSoft Vulnerability Exploited by Ransomware Groups

The U.S.

1 IOC

GBHackers →

GBHackers Vulnerability Disclosure Oracle WordPress Jun 17

Hackers Inject Malicious JavaScript Into WordPress Sites to Deploy ErrTraffic ClickFix Lures

Hackers are injecting malicious JavaScript into compromised WordPress sites to deploy ErrTraffic-powered ClickFix lures, a campaign that achieved nearly 60% ...

T1059.001

GBHackers →

GBHackers Vulnerability Disclosure Oracle WordPress Jun 16

OptinMonster Plugin Vulnerability Exposes 1.2 Million WordPress Sites to Cyberattacks

A large-scale supply chain attack targeting the popular OptinMonster WordPress plugin has exposed more than 1.2 million websites to active compromise.

T1195

GBHackers →

The Hacker News General Oracle WordPress Jun 15

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way t...

The Hacker News →

Security Affairs Supply Chain Oracle WordPress Jun 15

Supply Chain Attack Hits Popular WordPress Plugins Through Awesome Motive CDN

Attackers compromised Awesome Motive CDN files, backdooring WordPress sites running OptinMonster, TrustPulse, and PushEngage. Sansec researchers discovered a...

T1195

Security Affairs →

«Previous page 1 2 3 4 5 Next page»
FreeIntelHub · Open-source CTI platform

All articles belong to their respective owners. FreeIntelHub aggregates publicly available RSS feeds for informational purposes only. DMCA