Critical Flaw in Oracle Identity Manager Under Active Exploitation
A critical vulnerability in Oracle Identity Manager is being actively exploited, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). CISA has added the flaw to its Known Exploited Vulnerabilities catalog and instructed all federal civilian executive branch agencies to patch it by December 12, 2025; it strongly recommends that all other users apply the available patches as soon as possible.
The vulnerability, tracked as CVE-2025-61757 with a CVSS severity score of 9.8 out of 10, allows remote code execution by an unauthenticated attacker with network access over HTTP; no credentials are required, and successful exploitation gives the attacker full control of the Oracle Identity Manager instance. The root cause is missing authentication for a critical function in the REST WebServices component of Oracle Fusion Middleware: a crafted request causes the authentication filter to classify a protected endpoint as publicly accessible, which exposes a script-handling endpoint that can be abused to run attacker-supplied code.
The vulnerability was identified by Searchlight Cyber researchers Adam Kues and Shubham Shah, who reported it to Oracle. They found the flaw while investigating a security incident that exploited an older vulnerability, CVE-2021-35587. Unlike some previously identified vulnerabilities in Oracle Access Manager, the researchers report, this flaw is comparatively trivial and easily exploitable by threat actors.
The vulnerability affects the supported versions 12.2.1.4.0 and 14.1.2.1.0. Oracle fixed it in its October 2025 Critical Patch Update. Organizations that have not yet applied the patches should do so immediately: the researchers have published a technical write-up with enough detail to reproduce the exploit, so attackers no longer need to discover the flaw themselves. Where patching must wait, the Identity Manager HTTP interface should at least not be reachable from untrusted networks.
How widely the vulnerability is being exploited is not yet clear, but it is a likely target for ransomware groups. Some evidence suggests exploitation as early as August 30, 2025, weeks before Oracle's October patches were available, potentially by an advanced persistent threat actor. Organizations running affected versions should therefore review access logs for the Identity Manager REST endpoints back to at least that date, not only since the patch was released.
The post Critical Flaw in Oracle Identity Manager Under Active Exploitation appeared first on The HIPAA Journal.