There will soon be a monthly distribution of security patches at Oracle.
The publisher announced it at the end of April. It has just released a schedule. The first deadline is May 28. It will then occur on the third Tuesday of the month. So June 16, July 21, August 18, etc.
These patches will be more targeted than the quarterly updates, which will nonetheless contain their content. They will not substitute for out-of-band advisories for vulnerabilities requiring immediate remediation. The most recent one, detected in March, affected Identity Manager and Web Services Manager. It posed a remote code execution risk without authentication (base score: 9.8).
In its late-April announcement, Oracle recalled having access to Claude Mythos Preview and to OpenAI’s “most capable” models. The latest-generation AIs “increase the speed and scale” of vulnerability discovery, it claimed. As such, it pledged to monthly patch for on-premises environments.
For further reading:
Claude Mythos worries European banks
GPT-5.4-Cyber, OpenAI’s answer to Claude Mythos
Microsoft integrates Claude Mythos into its secure development program
How the Cyber Campus assesses the impact of Claude Mythos
