New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login

October 12, 2025
No Comments

New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login

Oracle on Saturday issued a security alert warning of a fresh security flaw impacting its E-Business Suite that it said could allow unauthorized access to sensitive data.
The vulnerability, tracked as CVE-2025-61884, carries a CVSS score of 7.5, indicating high severity. It affects versions from 12.2.3 through 12.2.14.
“Easily exploitable vulnerability allows an unauthenticated attacker with

Leave a Reply Cancel reply

The Shadow AI Identity Crisis October 3, 2025
AI agents are no longer just a conceptual risk; they’ve landed and are storming the beach. From drafting code to executing business logic, these agents are autonomous and increasingly embedded into enterprise workflows. Tasked with responsibilities once reserved for humans, this growing class of shadow identities is acting with wide-ranging access, little oversight, and no […]
Eric Olden
The AI Democracy: How Defenders Can Thwart Attackers October 3, 2025
AI has transmuted the game for attackers and defenders within the past three years. Threat actors haven’t hesitated to adopt AI-powered methods. Defenders have the opportunity to respond in kind with AI-powered solutions. While emerging on the market, these solutions have yet to be adopted across the board. However, given the risks created by large […]
Katrina Thompson
Red Hat OpenShift AI Vulnerability Allows Attackers to Seize Infrastructure Control October 3, 2025
A newly disclosed security flaw in Red Hat Open Shift AI could allow attackers to escalate privileges and seize control of entire infrastructures – albeit under specific conditions. Tracked as CVE-2025-10725, the vulnerability carries a CVSS score of 9.9 out of 10, falling just short of the maximum severity rating. Red Hat has classified the […]
Josh Breaker Rolfe
Beyond Phishing: Why AI Is Critical in BEC Detection and Forensics October 2, 2025
Although business email compromise (BEC) and phishing are often included in the same breath, their differences extend beyond how they are launched to how they are caught. BEC requires deeper context-aware detection than basic phishing tools provide, and AI delivers that. BEC vs. Phishing: The Security Perspective From a practitioner’s point of view, stopping a […]
Katrina Thompson
Why ROT is a Risk Enterprises Shouldn’t Ignore October 2, 2025
While most enterprises have made ongoing investments in their tech infrastructure and processes to wring out vulnerabilities, many organisations are unknowingly clinging to a habit that’s quietly undermining their security posture: hoarding redundant, obsolete, and trivial (ROT) data. This forgotten clutter—scattered across servers, cloud drives, and legacy systems—serves no business purpose. However, it does some […]
Manuel Sanchez
Cyberattack Halts Asahi Group’s Operations in Japan October 1, 2025
Japan’s leading beverage company, Asahi, has suffered a significant disruption to its operations following a cyberattack that began on 29 September 2025. The attack has led to a complete system failure, halting production, order processing, shipping, and customer service activities across the company’s Japanese operations. Asahi said that there has been no confirmed leakage of […]
Kirsten Doyle
Phantom Taurus: A New Face in Chinese Espionage October 1, 2025
Researchers from Palo Alto’s Unit 42 say a suspected group of Chinese actors infiltrated email servers used by foreign ministries. The attackers accessed Microsoft Exchange systems and combed through messages related to diplomatic activities. The threat, dubbed “Phantom Taurus” targets governments and telecoms across Africa, the Middle East, and Asia. Its operations align closely with […]
Kirsten Doyle
AI Agents Open a New Front in Cybersecurity: ForcedLeak in Salesforce Agentforce September 30, 2025
Noma Labs has uncovered a severe flaw in Salesforce’s Agentforce platform. The chain of vulnerabilities, dubbed ForcedLeak, carried a CVSS score of 9.4 and exposed customer data to theft through indirect prompt injection and a loophole in Salesforce’s Content Security Policy. The weakness lay in how Agentforce (an autonomous AI agent) processed instructions. Unlike conventional […]
Kirsten Doyle
Harrods Will Not Engage with Its Attackers September 30, 2025
Harrods says attackers made contact after a breach compromised data belonging to 430,000 customers. The luxury department store said it will not be engaging with them. The information was taken from a third-party provider. In a statement, Harrods said: “We proactively informed affected e-commerce customers on Friday that the impacted personal data is limited to […]
Kirsten Doyle
Federal Agencies Scramble as Cisco Firewall Flaws Are Exploited September 29, 2025
Federal civilian agencies must immediately patch critical Cisco firewall vulnerabilities being exploited by an “advanced threat actor.” The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive ordering immediate action. The vulnerabilities (CVE-2025-20333 and CVE-2025-20362) affect Cisco Adaptive Security Appliances (ASA). One allows remote code execution, the other privilege escalation. Bad actors have been […]
Kirsten Doyle

New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login

New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login

Share :

Leave a Reply Cancel reply