Breach Roundup: Recently Patched Oracle Flaw Under Attack

Also: npm Packages Infiltrated, FBI Issues Fraud Alert, Campbell's Soup Cans CISO Pooja Tikekar (@PoojaTikekar) • November 27, 2025

Every week, ISMG rounds up cybersecurity incidents and breaches around the world. This week, a recently patched critical Oracle flaw is being actively exploited, Shelly addressed a Pro 4PM denial-of-service vulnerability, "Shai-Hulud 2.0" executed an npm attack that leaked thousands of secrets, the FBI warned of rising bank account takeover fraud, regulators fined Comcast over a vendor breach, Spanish airline Iberia reported a supplier incident, researchers flagged five Fluent Bit vulnerabilities and Campbell fired its CISO in the wake of a lawsuit and leaked audio.

See Also: Going Beyond the Copilot Pilot - A CISO's Perspective

A critical vulnerability in Oracle Identity Manager, recently patched by the vendor, is being actively exploited by attackers, warned the U.S. Cybersecurity and Infrastructure Security Agency.

The vulnerability, tracked as ...