[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f8nQQByiOctkSs6fK0GGRD_zn0HIPt_der0am-rDEpY0":3},{"article":4,"iocs":44},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":33,"category":34,"article_tags":38},"aded03b8-350a-426e-8515-48cc9c108c36","Exploitation of Recent Oracle E-Business Suite Vulnerability Begins","exploitation-of-recent-oracle-e-business-suite-vulnerability-begins-d6076c","The critical-severity defect allows unauthenticated attackers to take over the E-Business Suite’s Payments product. The post Exploitation of Recent Oracle E-Business Suite Vulnerability Begins appeared first on SecurityWeek.","A critical vulnerability (CVE-2026-46817, CVSS 9.8) in Oracle E-Business Suite's Payments product is being actively exploited by threat actors, allowing unauthenticated remote compromise. The flaw was patched by Oracle in May 2026, but exploitation attempts have already been detected in honeypots over the weekend. Organizations are urged to apply patches immediately given the severity and newly observed attacks.","Threat actors exploit critical Oracle E-Business Suite Payments vulnerability CVE-2026-46817","Threat actors have started exploiting a critical vulnerability in Oracle E-Business Suite (EBS), threat intelligence firm Defused warns. Tracked as CVE-2026-46817 (CVSS score of 9.8), the issue was identified in the File Transmissions component of E-Business Suite’s Payments product. According to Oracle, unauthenticated attackers can exploit the security defect over HTTP to compromise Payments. “Successful attacks of this vulnerability can result in takeover of Oracle Payments,” Oracle notes. CVE-2026-46817 was resolved in late May as part of Oracle’s first monthly Critical Security Patch Update (CSPU), which addressed 77 vulnerabilities. 
On Monday, Defused warned that the first exploitation attempts against the critical flaw hit its EBS honeypots over the weekend. The threat intelligence company also points out that there have been no previous reports of the bug’s in-the-wild exploitation and that no public proof-of-concept (PoC) exploit targeting it exists either. Given the vulnerability’s critical severity and the newly observed attacks, organizations are advised to apply Oracle’s patches as soon as possible. Security defects in E-Business Suite and other Oracle products are regularly targeted in attack campaigns. In October 2025, the Cl0p ransomware and extortion group exploited a zero-day flaw in the enterprise product to steal data from more than 100 organizations. In early 2023, threat actors began exploiting a security weakness in E-Business Suite shortly after a PoC was made public. This month, the infamous extortion group ShinyHunters claimed to have targeted over 100 organizations in a campaign targeting Oracle PeopleSoft, and a handful of victims have already confirmed the impact. Written By Ionut Arghire. Ionut Arghire is an international correspondent for SecurityWeek.
","https:\u002F\u002Fwww.securityweek.com\u002Fexploitation-of-recent-oracle-e-business-suite-vulnerability-begins\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F10\u002FOracle-E-Business-Suite.jpeg","2026-06-30T11:29:48+00:00","2026-06-30T12:00:10.428957+00:00",9,[18,21,24,26,29,31],{"name":19,"type":20},"Oracle","vendor",{"name":22,"type":23},"Oracle E-Business Suite","product",{"name":25,"type":23},"Oracle E-Business Suite Payments",{"name":27,"type":28},"Cl0p","threat_actor",{"name":30,"type":28},"ShinyHunters",{"name":32,"type":20},"Defused","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":33,"icon":35,"name":36,"slug":37},null,"Vulnerabilities","vulnerabilities",[39],{"category":40},{"id":41,"icon":35,"name":42,"slug":43},"574f766a-fb3f-487c-8d2c-0720ae75471b","Zero-day","zero-day",[45],{"type":46,"value":47,"context":48},"cve","CVE-2026-46817","Critical vulnerability in Oracle E-Business Suite Payments File Transmissions component, CVSS 9.8, allows unauthenticated remote takeover"]