[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fyJVZ5WEePyKnEKbJkabmfvPvjXAu4FF6IW7Axx4lR7Q":3},{"article":4,"iocs":55},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":34,"category":35,"article_tags":39},"8c3cdfd4-e233-4743-9983-9090d3870d4e","Over 900 Oracle E-Business instances exposed to ongoing attacks","over-900-oracle-e-business-instances-exposed-to-ongoing-attacks-bb8831","Over 900 Oracle E-Business Suite (EBS) instances have been found exposed online amid ongoing attacks exploiting a critical security flaw. [...]","A critical vulnerability (CVE-2026-46817, CVSS 9.8) in the File Transmission component of Oracle E-Business Suite's Oracle Payments product is being actively exploited in the wild, according to threat intelligence firm Defused, which observed the first exploitation attempts on its honeypots over the weekend; Oracle has not yet flagged the flaw as exploited. Around 950 EBS instances are exposed online according to Shadowserver, with no information on how many have been patched since Oracle's May 2026 Critical Security Patch Update. This is the latest in a string of Oracle product vulnerabilities—including a PeopleSoft zero-day and an earlier EBS flaw—that have been exploited by extortion gangs.","Over 900 Oracle E-Business Suite instances exposed; CVE-2026-46817 actively exploited in attacks.","Over 900 Oracle E-Business instances exposed to ongoing attacks By Sergiu Gatlan July 1, 2026 08:30 AM 0 Over 900 Oracle E-Business Suite (EBS) instances have been found exposed online amid ongoing attacks exploiting a critical security flaw. The vulnerability (tracked as CVE-2026-46817) was found in the File Transmission component of EBS's Oracle Payments product and allows malicious actors without privileges and with HTTP network access to take over vulnerable systems through low-complexity attacks. 
Oracle has patched this flaw with security updates released as part of its May 2026 Critical Security Patch Update and urged customers to patch their systems immediately. While the company has yet to flag this flaw as exploited in attacks, threat intelligence company Defused warned on Monday that threat actors are now actively exploiting it, with the first attempts spotted over the weekend. \"CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited. Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots. This vulnerability has no known previous exploitation and no public POC code exists,\" Defused noted. Earlier today, internet security watchdog Shadowserver also warned that it tracks around 950 Oracle EBS instances exposed online. However, there is no information regarding how many of these systems have been secured against CVE-2026-46817 attacks. Oracle EBS instances exposed online (Shadowserver) ​Last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) also tagged a high-severity Oracle WebLogic Server flaw (CVE-2024-21182) patched two years ago as actively exploited in the wild. Weeks later, Oracle mitigated a critical PeopleSoft Suite zero-day (CVE-2026-35273) that was exploited by the ShinyHunters extortion gang to gain unauthenticated remote code execution between May 27 and June 9 and to steal data from many organizations worldwide, including Nottingham University and the National Association of Insurance Commissioners (NAIC). Most recently, Nissan also warned of a data breach affecting current and former employees following the compromise of its Oracle PeopleSoft instance. Since early August 2025, the Clop extortion gang has exploited another Oracle EBS security flaw (CVE-2025-61882) in zero-day attacks targeting U.S. 
universities (including Harvard University, the University of Pennsylvania, Dartmouth College, and the University of Phoenix), as well as high-profile victims like Logitech, GlobalLogic, and the Washington Post. CISA has added 44 vulnerabilities across various Oracle products to its catalog of actively exploited flaws since November 2021, 13 of which were also abused by ransomware gangs. Related Articles: Hackers now exploit critical Oracle E-Business flaw in attacksCritical SimpleHelp flaw exploited to deploy new stealer malwareCISA sets urgent deadline to fix Cisco flaw exploited in attacksCISA warns of max severity Ubiquiti flaws exploited in attacksCisco Unified CM flaw CVE-2026-20230 now exploited in attacks","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fover-900-oracle-e-business-instances-exposed-to-ongoing-attacks\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F07\u002F01\u002FOracle.jpg","2026-07-01T12:30:01+00:00","2026-07-01T14:00:13.699116+00:00",9,[18,21,24,26,29,31],{"name":19,"type":20},"Oracle","vendor",{"name":22,"type":23},"Oracle E-Business Suite","product",{"name":25,"type":23},"Oracle PeopleSoft Suite",{"name":27,"type":28},"ShinyHunters","threat_actor",{"name":30,"type":28},"Clop",{"name":32,"type":33},"File Transmission component","technology","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":34,"icon":36,"name":37,"slug":38},null,"Vulnerabilities","vulnerabilities",[40,45,50],{"category":41},{"id":42,"icon":36,"name":43,"slug":44},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply 
Chain","supply-chain",{"category":46},{"id":47,"icon":36,"name":48,"slug":49},"574f766a-fb3f-487c-8d2c-0720ae75471b","Zero-day","zero-day",{"category":51},{"id":52,"icon":36,"name":53,"slug":54},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[56,60,63,66,69],{"type":57,"value":58,"context":59},"cve","CVE-2026-46817","Critical Oracle E-Business Suite File Transmission vulnerability (CVSS 9.8) allowing unauthenticated HTTP takeover; actively exploited in the wild and fixed in Oracle's May 2026 Critical Security Patch Update.",{"type":57,"value":61,"context":62},"CVE-2024-21182","High-severity Oracle WebLogic Server flaw patched two years ago; flagged by CISA as actively exploited.",{"type":57,"value":64,"context":65},"CVE-2026-35273","Critical Oracle PeopleSoft Suite zero-day exploited by ShinyHunters extortion gang for RCE and data theft (May 27 - June 9).",{"type":57,"value":67,"context":68},"CVE-2025-61882","Oracle EBS security flaw exploited by Clop extortion gang in zero-day attacks since August 2025 targeting US universities and enterprises.",{"type":57,"value":70,"context":71},"CVE-2026-20230","Cisco Unified CM flaw reported as exploited in attacks; appears only in a related-article headline and is unrelated to the Oracle EBS activity described in this article."]