Active exploitation detected of critical Oracle E-Business Suite payment processing flaw
By
Matt Kapko
2d ago· 2 min readenNews
Summary
Threat intelligence firm Defused spotted six instances of exploitation of a critical Oracle E-Business Suite vulnerability (CVE-2026-46817, severity 9.8) in its payments processing feature during a two-hour window. Oracle had disclosed and patched the flaw in late March, but attackers are now actively exploiting it, potentially signaling the start of a broader campaign targeting the popular business application suite.
Source
Key quotes
· 1 pulledDefused, a threat intelligence firm, spotted six instances of exploitation during a two-hour window on its honeypots, or decoys designed to monitor malicious activity in non-production environments, Simo Kohonen, founder and CEO of the company, told CyberScoop.
The defect impacts a popular collection of business applications that attackers have hit before in widespread attack sprees.
You might also wanna read
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
thehackernews.com·4d ago
WAF - WAF Release - 2025-10-30 - Emergency
Cloudflare·8mo ago
WAF - WAF Release - 2025-10-20
Cloudflare·8mo ago
WAF - WAF Release - 2025-11-03
Cloudflare·8mo ago
WAF - WAF Release - 2025-10-06
Cloudflare·9mo ago
Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts
thehackernews.com·3d ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.