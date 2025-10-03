Oracle has advised customers that hackers may be exploiting vulnerabilities in unpatched instances of its E-Business Suite (EBS).

This follows a warning by the Google Threat Intelligence Group (GTIG) that an individual or group of hackers were sending extortion emails to executives in several companies, claiming to have stolen sensitive data from Oracle’s EBS.

Oracle is aware that some Oracle EBS customers have received extortion emails, Rob Duhart, Oracle Security’s CSO, confirmed in a statement published October 2.

“Our ongoing investigation has found the potential use of previously identified vulnerabilities that are addressed in the July 2025 Critical Patch Update,” said Duhart, urging customers to apply the patches.

Nine Oracle E-Business Suite Flaws to Patch Now

Oracle’s July 2025 critical patch update was a major security advisory where the business software provider released patches for 309 vulnerabilities across its product range.

These included nine flaws affecting its E-Business Suite. Three are critical and three others are exploitable remotely without authentication.

Here is the full list, from most to least severe: