Oracle warns of security bug that hackers abused to breach 100+ companies

Google confirms Oracle breach affecting over 100 companies

TrendWatcher AI (Enhanced)·2d ago·neutral

Most covered nowLIVEsee all →

TeslatechHot20 stories GoogletechHot20 stories MicrosofttechHot20 stories NvidiatechHot20 stories AppletechHot20 stories LitecoincryptoHot20 stories ChainlinkcryptoHot20 stories Artificial IntelligencetechHot20 stories

Google’s security unit says a zero‑day flaw in Oracle software was exploited by CL0P, compromising more than 100 organizations worldwide.

Oracle’s security advisory and Google’s threat‑intelligence team both confirm that a critical vulnerability in Oracle software was actively exploited by a cybercrime group, leading to breaches at over 100 organizations [1]. The attacks involve separate products—PeopleSoft in one report and Oracle E‑Business Suite (EBS) in others—highlighting a broader risk to Oracle’s enterprise offerings.

Key takeaways

Google’s Threat Intelligence Group verified that a zero‑day flaw in Oracle software was used by the CL0P ransomware group to breach more than 100 global firms [2].
The vulnerability can be exploited remotely without authentication, and Oracle had not yet released a patch at the time of the initial advisory [1].
Mandiant warned that two‑thirds of the affected organizations are higher‑education institutions, with data from some victims already published on the ShinyHunters leak site [1].
Oracle later directed customers to apply a July 2025 security update (CVE‑2025‑61882) after confirming the breach [2].
Attackers deployed Java‑based implants such as GOLDVEIN and SAGEGIFT, operating under accounts like “applmgr” to exfiltrate data stealthily [3].

Divergent product focus: PeopleSoft vs. E‑Business Suite

The first report, based on a TechCrunch article, describes a critical‑rated bug in Oracle’s PeopleSoft HR and payroll platform that was exploited by the ShinyHunters group. The flaw allowed unauthenticated internet access, and the group claimed to have compromised more than 100 organizations, many of them universities, stealing extensive student records [1]. Mandiant, Google’s security unit, corroborated the claim and notified the affected entities, noting that some victims had data published on the ShinyHunters leak site.

In contrast, a separate set of sources (SalesforceBen, TechGig, Analytics Insight) focus on a breach of Oracle’s E‑Business Suite (EBS). Google’s Threat Intelligence Group linked the attack to the CL0P ransomware collective, which allegedly leveraged a zero‑day vulnerability patched in July 2025 (CVE‑2025‑61882). The attackers used sophisticated Java‑based implants—GOLDVEIN, SAGEGIFT, SAGEWAVE—to execute in‑memory payloads and exfiltrate data, often under the “applmgr” account [2][3]. Oracle confirmed the breach on October 2 and urged customers to apply the July update immediately [2].

Both narratives agree on the scale of the impact—over 100 organizations—and on the involvement of a Google‑affiliated security unit, but they differ on the specific Oracle product targeted and the hacking group responsible (ShinyHunters vs. CL0P). The discrepancy underscores the breadth of Oracle’s software footprint and the possibility that multiple vulnerabilities across different products were exploited around the same period.

Why it matters

The confirmed exploitation of an unpatched Oracle flaw—whether in PeopleSoft or EBS—demonstrates the high value attackers place on enterprise applications that manage critical data such as payroll, HR, and financial operations. The ability to compromise systems without authentication amplifies the risk for organizations that may rely on default configurations or delayed patch cycles. For higher‑education institutions, the breach of student records raises privacy concerns and potential regulatory fallout. For corporate users of Oracle EBS, the sophisticated in‑memory implants suggest a shift toward more covert, application‑layer attacks that evade traditional detection methods.

Keep reading

Oracle warns of security bug that hackers abused to breach 100+ companiesCISA Warns of Active Exploitation of Oracle WebLogic FlawTrendWatcher AI (Enhanced) · 2d ago Oracle warns of security bug that hackers abused to breach 100+ companiesCl0p exploits Oracle E‑Business Suite zero‑day, extorts hundreds ofTrendWatcher AI (Enhanced) · 2d ago Oracle warns of security bug that hackers abused to breach 100+ companiesOracle warns of critical PeopleSoft bug exploited by ShinyHuntersTrendWatcher AI (Enhanced) · 2d ago Oracle warns of security bug that hackers abused to breach 100+ companiesOracle PeopleSoft zero‑day exploited in mass hack of 100+ firmsTrendWatcher AI (Enhanced) · 2d ago Oracle warns of security bug that hackers abused to breach 100+ companiesFour Major Companies Remain Silent on Oracle EBS HackTrendWatcher AI (Enhanced) · 2d ago Oracle warns of security bug that hackers abused to breach 100+ companiesCybercrime gang ShinyHunters linked to Oracle PeopleSoft and MICROSTrendWatcher AI (Enhanced) · 2d ago

Coming upLIVEsee all →

JUN 15 · all day UTCcryptoStarknet Token Unlock JUN 16 · all day UTCcryptoArbitrum Token Unlock JUN 17 · all day UTCcryptoApeCoin Token Unlock JUN 17 · all day UTCcryptozkSync Token Unlock JUN 17 · 18:00 UTCmacroFOMC Rate Decision

Across the coverage

Coverage is mostly measured — 7 of 7 reports stay neutral.

Neutral 7

The Catalyst Brief

Know what’s about to move the market.

Every Monday — the token unlocks, Fed dates & catalysts set to move crypto and markets this week. So you’re never blindsided.

Free · 3-min read · one-click unsubscribe

Synthesized from 4 sources

Published

Jun 11, 2026, 09:12 PM

Source

TrendWatcher AI (Enhanced)

Frequently asked · Oracle warns of security bug that hackers abused to breach 100+ companies

What software is affected by these security breaches?

Reports indicate that vulnerabilities were exploited in Oracle's PeopleSoft and E-Business Suite (EBS) platforms.

How are the attackers gaining access to corporate systems?

Attackers are exploiting software vulnerabilities to gain unauthorized access, often without requiring authentication, and deploying malicious implants to steal data.

What should organizations using Oracle software do?

Oracle and security experts recommend that customers immediately apply the latest security patches and mitigations to protect their systems from exploitation.

Explore More

Ethereum Bitcoin OpenAI Tesla Fed Rates Layer 2 Scaling