π£ Oracle quietly confirms public cloud data breach, customer data stolen.
The attacker exploited a vulnerability in Oracle Access Manager to breach Oracle-hosted servers. The vulnerability is tracked as CVE-2021-35587 and was assigned a critical severity score 9.8/10. It was patched in mid-January 2022, raising questions over whether Oracle kept its own servers vulnerable to a flaw it fixed more than three years ago.
CrowdStrike is investigating the incident along FBI.
https://www.techradar.com/pro/security/oracle-quietly-confirms-public-cloud-data-breach-customer-data-stolen