Cyber Brief: Oracle Exploit Alert, UK Nursery Arrests, and JLR Fallout

Today’s cybersecurity headlines highlight active exploits, arrests in major UK data cases, and the ongoing financial ripple effects of supply chain breaches.

Oracle E-Business Suite Exploit Actively Targeted

The NCSC has issued an advisory confirming active exploitation of the CVE-2025-61882 Oracle E-Business Suite vulnerability. Attackers are using this flaw to gain unauthorised access to critical systems, prompting urgent patching recommendations.
👉 Read more on NCSC.gov.uk
Why it matters: Many UK organisations in finance, logistics, and public sectors rely on Oracle EBS. Unpatched systems could expose sensitive financial and operational data — making prompt mitigation essential.

UK Police Arrest Two Over Nursery Data Breach

The Metropolitan Police have arrested two individuals linked to a ransomware attack that compromised data on thousands of children from a London nursery group. The arrests mark a rare enforcement success in a case of criminal data extortion.
👉 Read more on Reuters
Why it matters: The incident is a stark reminder that smaller organisations handling sensitive data — such as education or care providers — are prime targets for financially motivated cybercrime. Regulatory obligations under UK GDPR make breach preparation and detection key priorities.

Vertu Motors Forecasts £5.5 Million Hit from JLR Cyber Fallout

UK automotive retailer Vertu Motors warned that it expects a £5–5.5 million financial impact linked to the recent cyber incident at Jaguar Land Rover, which disrupted supply chains and halted operations across multiple UK sites.
👉 Read more on Reuters
Why it matters: This illustrates how one large-scale breach can cascade through dependent businesses. Supply-chain risk assessments and resilience planning are now a necessity, not an optional exercise.

🔍 Today’s Key Actions

• Verify if your organisation uses Oracle E-Business Suite 12.2.x and apply the latest patch immediately.
• Review data-handling controls, especially if you process sensitive or children’s data - ensure encryption, backups, and breach reporting procedures are in place.
• Reassess supplier risk exposure - ask vendors to confirm their cyber resilience posture following recent supply chain-related breaches.

💬 Secarma Insight

At Secarma, we help organisations strengthen their cyber resilience across every layer of their operations — from proactive Advisory support and Certification readiness to real-world Testing through penetration and red-team exercises.

If today’s headlines have highlighted any weak points in your own defences, get in touch to discuss how we can help.
🔗 Contact our experts | Explore resources