Oracle
Oracle Ships Out-of-Band Fix for PeopleSoft Zero-Day CVE-2026-35273 as ShinyHunters Loots 100+ Orgs
Oracle pushed an emergency alert for CVE-2026-35273, an unauthenticated CVSS 9.8 RCE in PeopleSoft PeopleTools. Mandiant confirms in-the-wild exploitation, and ShinyHunters claims data theft from 100+ organizations including the University of Nottingham.
Oracle WebLogic CVE-2024-21182 Hits CISA KEV: Two-Year-Old T3 Bug Now Under Active Exploitation
CISA added the unauthenticated Oracle WebLogic T3/IIOP flaw CVE-2024-21182 to its Known Exploited Vulnerabilities catalog on June 1. The patch has shipped for two years — this is a story about exposed, unpatched middleware.
Oracle Identity Manager Pre-Auth RCE: CVE-2026-21992 Emergency Patch
Oracle issued an out-of-band emergency fix for CVE-2026-21992, a CVSS 9.8 unauthenticated RCE in Oracle Identity Manager's REST WebServices component affecting versions 12.2.1.4.0 and 14.1.2.1.0.