Oracle

The Clop ransomware group weaponized CVE-2025-61882 and CVE-2025-61884 to breach nearly 100 organizations including Allianz UK, GlobalLogic, Envoy Air, Harvard, and Washington Post, with ransom demands reaching $50 million.

Massive security update includes patches across 122 products with two CVSS 10.0 flaws. Java SE receives 11 remotely exploitable patches, and Financial Services Applications have 33 unauthenticated attack vectors.