ORACLE released its June 2026 Critical Security Patch Update (CSPU), adding 245 new patches to address severe vulnerabilities across multiple products, including Communications and MySQL. Approximately 120 vulnerabilities are classified as critical, and around 100 can be exploited remotely without authentication. Notably, the majority of these vulnerabilities were found in Oracle Fusion Middleware.
Oracle reiterated the importance of users applying patches, especially after reports of exploitation attempts by the ShinyHunters group targeting Oracle PeopleSoft. However, there is no confirmation of exploitation of zero-day vulnerabilities in their advisory.