An Oracle E-Business Suite zero-day (CVE-2025-61882), exploited since July in an extortion campaign with links to Cl0p, has been patched. Separately, CISA added a critical Sudo privilege escalation vulnerability (CVE-2025-32463) to its Known Exploited Vulnerabilities catalog.