
    CISA Flags Critical Oracle Vulnerability as Exploitation Intensifies

    Saturday, November 22, 2025

    On November 22, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued a stern warning regarding a critical vulnerability in Oracle Identity Manager, identified as CVE-2025-61757. This vulnerability has been actively exploited in the wild, prompting CISA to advise organizations to apply patches without delay. The potential impact of this vulnerability underscores the importance of timely software updates and vigilant monitoring of systems against exploitation attempts. Organizations relying on Oracle's solutions must prioritize this patching process to safeguard their infrastructures against emerging threats. Failing to address this vulnerability could lead to significant security breaches, exposing sensitive data and compromising overall system integrity. For further details, refer to the CISA announcement.

    Also In Security Today

    • Iberia Airlines Data Breach: Iberia Airlines confirmed a cyberattack that led to the compromise of customer personal data. The breach involved unauthorized access to a third-party repository, exposing names and emails, although critical payment information was unaffected. Organizations must scrutinize third-party service security rigorously.
    • Matrix Push C2 Phishing Attacks: A new phishing method utilizing browser notifications has emerged, known as Matrix Push C2. This command-and-control platform is increasingly used in fileless phishing attacks, highlighting the evolving tactics of cybercriminals.
    • Social Engineering Attacks on the Rise: Companies across various sectors are increasingly targeted by social engineering attacks. Recently, DoorDash experienced a breach due to a phishing attack that compromised employee credentials, leading to potential exposure of sensitive customer information.
