Extortion campaign targeting Oracle E-Business Suite customers linked to zero-day

Mandiant researchers said Clop ransomware is indeed linked to a series of emails threatening to release stolen data.
CSO Online

Oracle issues emergency patch for zero-day flaw exploited by Cl0p ransomware gang

Information about the vulnerability exposed by EBS portals is spreading, raising likelihood of new attacks, experts warn.
American Hospital Association

H-ISAC TLP White Vulnerability Bulletin: Oracle E-Business Suite Vulnerability (CVE-2025-61882) Exploited in Extortion Attacks

On October 4, 2025, Oracle released an advisory to address a critical vulnerability, CVE-2025-61882, affecting E-Business Suite (EBS) systems, versions 12.2.3 through 12.2.14.
SecurityWeek

Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks

Oracle E-Business Suite attack confirmed to be the work of Cl0p and Oracle has admitted that a zero-day has been exploited.
Computer Weekly

Oracle patches E-Business suite targeted by Cl0p ransomware

Oracle pushes a patch for a dangerous zero-day under active exploitation by one of the most notorious ransomware gangs around ...

Oracle patches EBS zero-day exploited in Clop data theft attacks

Oracle is warning about a critical E-Business Suite zero-day vulnerability tracked as CVE-2025-61882 that allows attackers to ...
Security Boulevard

Cl0p Ransomware Group Exploited in a Zero-Day in Oracle EBS Attacks

The Cl0p ransomware group exploited a zero-day security flaw in Oracle's E-Business Suite to compromise corporate networks and steal data, according to Mandiant. The threat actors are sending emails ...

Oracle forced to rush out patch for zero-day exploited in attacks

The bug is tracked as CVE-2025-61882, and was given a severity score of 9.8/10 (critical). An unauthenticated attacker with ...