oracle e-business suite cve-2026-46817 (cvss 9.8) affecting payment systems entered active exploitation. separately, shinyh hunters claimed data theft from the national association of insurance commissioners via an oracle peoplesoft zero-day, publishing allegedly stolen files after a failed ransom. two distinct oracle vulnerabilities in active use simultaneously, targeting financial and insurance regulatory infrastructure, is a notable concentration.