There are no zero days this quarter, but there’s still plenty of work for patching teams.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

Oracle's January 2026 quarterly security update includes 337 patches across its product range, with 27 rated critical. No zero-day vulnerabilities are currently being exploited. The update addresses both proprietary and third-party code issues, including a critical Apache Tika flaw (CVE-2025-66516) rated 9.8 on CVSS. Products requiring the most patches include Zero Data Loss Recovery Appliance (56 patches), Oracle Enterprise Manager (51 patches), and Oracle E-Business Suite (38 patches). Many CVEs reference previous vulnerabilities, creating complexity for patching teams prioritizing their work.

Oracle releases 337 security patches, including fix for critical Apache Tika flaw