CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse
Agencies have until December 12 to mitigate flaw that was likely exploited before Big Red released fix CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks - a scramble made more urgent by evidence that attackers may have been abusing the bug months before a fix was released....