Oracle has quietly fixed a zero-day vulnerability (CVE-2025-61884) in its E-Business Suite after the ShinyHunters extortion group leaked a functional exploit. The patch arrives amid confusion over multiple active exploit chains and Oracle's failure to disclose active attacks despite evidence of server breaches. Security teams scramble to untangle mismatched advisories while urging immediate patching.