[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTiTZA7PyZwOp8jl8jveBQl3E6ZMcbbVbXgkTbru8Nws":3},{"article":4,"iocs":54},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":33,"category":34,"article_tags":38},"c0b007d3-37c0-43f9-9858-93b0af632211","Researchers spot exploitation of another critical Oracle defect","researchers-spot-exploitation-of-another-critical-oracle-defect-35a3b2","The defect impacts a popular collection of business applications that attackers have hit before in widespread attack sprees. The post Researchers spot exploitation of another critical Oracle defect appeared first on CyberScoop.","Researchers at Defused discovered active exploitation of CVE-2026-46817, a critical vulnerability (9.8 severity) in Oracle E-Business Suite's payments processing feature, with six instances detected in a two-hour window on Saturday. The activity appears to be reconnaissance and weaponization testing from a single IP address before public proof-of-concepts were released. Shadowserver identified approximately 950 potentially vulnerable exposed instances, with over half located in the United States, raising concerns about a potential broader campaign similar to past Clop ransomware and ShinyHunters extortion sprees.","Oracle E-Business Suite critical vulnerability CVE-2026-46817 exploited in reconnaissance activity","A cybercriminal exploited a critical defect Saturday in the payments processing feature of Oracle E-Business Suite that could mark the early stages of a potentially broader campaign, researchers said. Defused, a threat intelligence firm, spotted six instances of exploitation during a two-hour window on its honeypots, or decoys designed to monitor malicious activity in non-production environments, Simo Kohonen, founder and CEO of the company, told CyberScoop. 
Oracle disclosed and patched the vulnerability, which is tracked as CVE-2026-46817 with a 9.8 severity rating, in late May and warned that exploitation complexity is low. Kohonen said the exploits were attributed to a single IP address and occurred before any proof-of-concepts were publicly available. “With only one IP and one day of data, it reads more like reconnaissance and weaponization testing than a targeted campaign against a specific victim,” he added. The potential expansion of malicious activity on live networks could be significant. Shadowserver scans found about 950 potentially vulnerable instances of Oracle E-Business Suite on Wednesday, and more than half of those publicly exposed deployments are based in the United States. The defect impacts a popular collection of business applications that attackers have hit before in widespread attack sprees. The notorious Clop ransomware group attempted to extort dozens of victims after it exploited a zero-day and other vulnerabilities in Oracle E-Business Suite last year. The aggressive extortion campaign got underway in October, roughly two months after Clop exploited the defect and stole data en masse. Oracle customers were more recently impacted by an actively exploited zero-day vulnerability in PeopleSoft, which includes more than 40 tools for human resources and customer relationship management. ShinyHunters, the group behind that attack spree dating back to late May, potentially infiltrated the networks of more than 100 organizations mostly in higher education, according to Mandiant and Google Threat Intelligence Group. 
","https:\u002F\u002Fcyberscoop.com\u002Foracle-ebs-critical-vulnerability-exploited\u002F","https:\u002F\u002Fcyberscoop.com\u002Fwp-content\u002Fuploads\u002Fsites\u002F3\u002F2025\u002F10\u002FGettyImages-2205578283-min.jpg","2026-07-01T19:23:26+00:00","2026-07-01T20:00:22.231274+00:00",9,[18,21,24,27,29,31],{"name":19,"type":20},"Oracle E-Business Suite","product",{"name":22,"type":23},"Oracle","vendor",{"name":25,"type":26},"Clop","threat_actor",{"name":28,"type":26},"ShinyHunters",{"name":30,"type":23},"Defused",{"name":32,"type":23},"Mandiant","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":33,"icon":35,"name":36,"slug":37},null,"Vulnerabilities","vulnerabilities",[39,44,49],{"category":40},{"id":41,"icon":35,"name":42,"slug":43},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":45},{"id":46,"icon":35,"name":47,"slug":48},"574f766a-fb3f-487c-8d2c-0720ae75471b","Zero-day","zero-day",{"category":50},{"id":51,"icon":35,"name":52,"slug":53},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[55],{"type":56,"value":57,"context":58},"cve","CVE-2026-46817","Critical vulnerability in Oracle E-Business Suite payments processing feature with 9.8 severity rating"]