MUST READ

Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools

 | 

Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817

 | 

WhatsApp Usernames Are Coming. You Can Reserve Yours Right Now

 | 

U.S. Targets Russian Cyber Spies With $10M Bounty Over Messaging App Attacks

 | 

StegoAd: How 119 Fake Browser Extensions Stole Credentials and Ran Ad Fraud for Two Years

 | 

SSU and FBI Uncover Russian Cyber Espionage Operation Against Officials and Military Personnel

 | 

KDDI Data Breach Impacts up to 14.2 Million Email Accounts at Six ISPs

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 103

 | 

Security Affairs newsletter Round 583 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

New FBI Alert: Russian Intelligence Uses Signal Recovery Keys to Access Messages

 | 

Hospitality Sector Hit by Phishing Campaign Using Fake Guest Complaint Emails

 | 

DirtyClone: Fourth Linux Kernel Flaw in Six Weeks Escalates to Root

 | 

Chinese APT CL-STA-1062 Expands Attacks on Southeast Asian Critical Infrastructure With Custom Malware

 | 

Activist Phone Hacked With Cellebrite After Russia Contract Cancellation

 | 

U.S. CISA adds Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited Vulnerabilities catalog

 | 

Third-Party Breach at Polymarket Leads to $2.94M Crypto Theft

 | 

macOS.Gaslight: North Korea-Linked Malware That Tries to Gaslight the Analyst

 | 

Tata Electronics Confirms Data Breach After 630GB Leak Claim Targets Apple and Tesla

 | 

Curl Fixes a 25-Year-Old Bug in Its Largest CVE Release Yet

 | 

Inside Mistic, the New Stealth Backdoor in Ransomware Intrusions

 | 

Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817

Pierluigi Paganini June 30, 2026

Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments.

A critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited in the wild, according to cybersecurity firm Defused Cyber.

“CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots.” reads the post on X published by the cybersecuriyt firm. “This vulnerability has no known previous exploitation and no public POC code exists.”

The flaw affects Oracle Payments versions 12.2.3 through 12.2.15 and allows unauthenticated attackers to take over vulnerable systems over HTTP. Oracle fixed the issue in last month’s Critical Patch Update and urges customers to apply the patches immediately.

Defused Cyber did not disclose technical details about the attacks that exploited the flaw or the motivation of the attackers.

In mid June, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle PeopleSoft Enterprise PeopleTools flaw, tracked as CVE-2026-35273 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog.

Oracle PeopleSoft Enterprise PeopleTools is the underlying technology platform used to build, run, administer, and customize Oracle PeopleSoft applications.

The flaw CVE-2026-35273 is a remote code execution vulnerability in Oracle PeopleSoft’s Environment Management component. No authentication required. No user interaction required. Just network access to the Environment Management Hub endpoint and you can take over the server.

Mandiant and Google’s Threat Intelligence Group published an analysis of an active ShinyHunters campaign on June 11, one day after Oracle finally issued an advisory for the vulnerability being exploited. The gap matters: the activity ran from May 27 to June 9, meaning every organization hit during those two weeks was dealing with a zero-day, a flaw with no available patch and no official vendor warning. Sixty-eight percent of the more than 100 organizations Mandiant notified were universities and colleges, most of them in the United States.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – Oracle,  hacking)

CVE-2026-46817 Hacking hacking news information security news IT Information Security Oracle Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini June 30, 2026
Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools
Read more
Pierluigi Paganini June 29, 2026
WhatsApp Usernames Are Coming. You Can Reserve Yours Right Now
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools

Security / June 30, 2026

Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817

Security / June 30, 2026

WhatsApp Usernames Are Coming. You Can Reserve Yours Right Now

Security / June 29, 2026

U.S. Targets Russian Cyber Spies With $10M Bounty Over Messaging App Attacks

Security / June 29, 2026

StegoAd: How 119 Fake Browser Extensions Stole Credentials and Ran Ad Fraud for Two Years

Malware / June 29, 2026