Tag: oracle
-
CrowdStrike Alerts on Oracle E-Business Suite 0-Day Under Mass Exploitation
Tags: business, crowdstrike, cyber, data, exploit, group, intelligence, oracle, remote-code-execution, threat, vulnerability, zero-dayA novel zero-day vulnerability in Oracle E-Business Suite (CVE-2025-61882) is being actively exploited in a large-scale data exfiltration campaign, with CrowdStrike Intelligence attributing primary involvement to the GRACEFUL SPIDER threat group and warning that public proof-of-concept details will spur further attacks. On August 9, 2025, the first suspected exploitation of an unauthenticated remote code execution…
-
NCSC: Patch Critical Oracle EBS Bug Now
A critical Oracle E-Business Suite vulnerability is being actively exploited by the Clop ransomware group First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ncsc-patch-critical-oracle-ebs-bug/
-
CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025
CrowdStrike links Oracle EBS flaw CVE-2025-61882 (CVSS 9.8) to Cl0p, enabling unauthenticated RCE, first exploited on August 9, 2025. CrowdStrike researchers attributed with moderate confidence the exploitation of Oracle E-Business Suite flaw CVE-2025-61882 (CVSS 9.8) to the Cl0p group, also known as Graceful Spider. The critical bug allows unauthenticated remote code execution, with the first…
-
Sicherheitslücke: FBI warnt vor Angriffen auf Oracles E-Business Suite
Die Ransomware-Gruppe Clop erpresst Unternehmen mit angeblich gestohlenen Daten aus der Oracle-E-Business-Suite. First seen on golem.de Jump to article: www.golem.de/news/sicherheitsluecke-fbi-warnt-vor-angriffen-auf-oracles-e-business-suite-2510-200863.html
-
U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, exploit, flaw, infrastructure, kev, linux, microsoft, oracle, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle, Mozilla, Linux Kernel, Microsoft Windows, and MicrosoftIE flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added Oracle, Linux Kernel, Mozilla, Microsoft Windows, and MicrosoftIE flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This…
-
U.S. CISA adds Oracle, Mozilla, Microsoft Windows, Linux Kernel, and Microsoft IE flaws to its Known Exploited Vulnerabilities catalog
Tags: cisa, cybersecurity, exploit, flaw, infrastructure, kev, linux, microsoft, oracle, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle, Mozilla, Linux Kernel, Microsoft Windows, and MicrosoftIE flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added Oracle, Linux Kernel, Mozilla, Microsoft Windows, and MicrosoftIE flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This…
-
Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks
CrowdStrike on Monday said it’s attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Spider (aka Cl0p), and that the first known exploitation occurred on August 9, 2025.The exploitation involves the exploitation of CVE-2025-61882 (CVSS score: 9.8), a critical vulnerability…
-
Cl0p Ransomware Actively Exploiting Oracle E-Business Suite 0-Day
Tags: advisory, attack, business, cve, cyber, data-breach, email, exploit, extortion, group, oracle, ransomware, threat, vulnerability, zero-dayThe notorious Cl0p ransomware group has beenactively exploiting a critical zero-day vulnerabilityin Oracle’s E-Business Suite (EBS), targeting enterprise customers through CVE-2025-61882. This sophisticated attack campaign has prompted Oracle to issue an emergency security advisory after reports surfaced that multiple organizations received extortion emails from the threat actors. Critical Zero-Day Vulnerability Exposed Oracle confirmed the exploitation…
-
Cl0p Ransomware Actively Exploiting Oracle E-Business Suite 0-Day
Tags: advisory, attack, business, cve, cyber, data-breach, email, exploit, extortion, group, oracle, ransomware, threat, vulnerability, zero-dayThe notorious Cl0p ransomware group has beenactively exploiting a critical zero-day vulnerabilityin Oracle’s E-Business Suite (EBS), targeting enterprise customers through CVE-2025-61882. This sophisticated attack campaign has prompted Oracle to issue an emergency security advisory after reports surfaced that multiple organizations received extortion emails from the threat actors. Critical Zero-Day Vulnerability Exposed Oracle confirmed the exploitation…
-
NCSC Issues Alert on Active Exploitation of Oracle E-Business Suite 0-Day Vulnerability
Tags: business, cve, cyber, exploit, flaw, oracle, remote-code-execution, risk, vulnerability, zero-dayThe UK National Cyber Security Centre (NCSC) has issued a security alert following confirmation of active exploitation of a critical 0-day vulnerability, tracked as CVE-2025-61882, in Oracle E-Business Suite (EBS). Oracle has released an urgent security update to address the issue, underscoring the immediate risk to organisations running affected EBS versions. Critical Remote Code Execution Flaw in…
-
NCSC Issues Alert on Active Exploitation of Oracle E-Business Suite 0-Day Vulnerability
Tags: business, cve, cyber, exploit, flaw, oracle, remote-code-execution, risk, vulnerability, zero-dayThe UK National Cyber Security Centre (NCSC) has issued a security alert following confirmation of active exploitation of a critical 0-day vulnerability, tracked as CVE-2025-61882, in Oracle E-Business Suite (EBS). Oracle has released an urgent security update to address the issue, underscoring the immediate risk to organisations running affected EBS versions. Critical Remote Code Execution Flaw in…
-
Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks
CrowdStrike on Monday said it’s attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Spider (aka Cl0p), and that the first known exploitation occurred on August 9, 2025.The exploitation involves the exploitation of CVE-2025-61882 (CVSS score: 9.8), a critical vulnerability…
-
Cl0p Ransomware Group Exploited in a Zero-Day in Oracle EBS Attacks
The Cl0p ransomware group exploited a zero-day security flaw in Oracle’s E-Business Suite to compromise corporate networks and steal data, according to Mandiant. The threat actors are sending emails to executives of those companies demanding payment or risk the data being sold on underground markets or made public. First seen on securityboulevard.com Jump to article:…
-
Oracle zero-day defect amplifies panic over Clop’s data theft attack spree
The notorious ransomware group exploited multiple vulnerabilities, including a zero-day, for at least eight weeks before alleged victims received extortion demands. First seen on cyberscoop.com Jump to article: cyberscoop.com/oracle-zero-day-clop/
-
Oracle patches E-Business suite targeted by Cl0p ransomware
Oracle pushes a patch for a dangerous zero-day under active exploitation by one of the most notorious ransomware gangs around. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366632397/Oracle-patches-E-Business-suite-targeted-by-Cl0p-ransomware
-
FBI, UK Gov’t urge orgs to patch Oracle E-Business vuln after alleged Clop campaign
FBI Assistant Director Brett Leatherman said “this is ‘stop-what-you’re-doing and patch immediately’ vulnerability.” First seen on therecord.media Jump to article: therecord.media/fbi-uk-urge-orgs-to-patch-after-clop-campaign
-
Clop Ransomware Hits Oracle Customers Via Zero-Day Flaw
The infamous Clop gang has targeted a wide range of Oracle E-Business Suite customers using a newly disclosed zero-day vulnerability. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/clop-ransomware-oracle-customers-zero-day-flaw
-
Cl0p nutzt Schwachstelle bei Oracle aus
Tags: authentication, breach, bug, business, cve, cvss, cyberattack, exploit, linkedin, mail, mandiant, oracle, update, vulnerability, zero-dayDie Cl0p-Bande nutzt Zero-Day-Schwachstelle bei Oracle für Cyberattacken aus.Oracle hat ein Notfall-Update veröffentlicht, um eine kritische Sicherheitslücke in seiner E-Business Suite (EBS) zu beheben. Das Leck mit Kennung CVE-2025-61882 hat einen CVSS-Score von 9,8 und wurde bereits bei der jüngsten Welle von Cl0p zum Diebstahl von Daten ausgenutzt.Die Sicherheitslücke betrifft einen nicht näher bezeichneten Fehler,…
-
CVE-2025-61882 Mass Exploitation, Oracle E-Business Suite (EBS) Under Attack by Cl0p Ransomware
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/cve-2025-61882-mass-exploitation-oracle-e-business-suite-ebs-under-attack-by-cl0p-ransomware
-
Clop hackers caught exploiting Oracle zero-day bug to steal executives’ personal data
Oracle fixes another security flaw that Clop hackers were using to steal sensitive personal information about executives as part of a mass-extortion campaign. First seen on techcrunch.com Jump to article: techcrunch.com/2025/10/06/clop-hackers-caught-exploiting-oracle-zero-day-bug-to-steal-executives-personal-data/
-
Extortion campaign targeting Oracle E-Business Suite customers linked to zero-day
Mandiant researchers said Clop ransomware is indeed linked to a series of emails threatening to release stolen data.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/extortion-campaign-oracle-e-business-suite-zero-day/802123/
-
Oracle Now Says ‘Critical’ Zero-Day Flaw Behind Data Extortion Attacks, Releases Patch
Oracle is linking a recent data extortion campaign targeting E-Business Suite customers to a zero-day vulnerability, with fixes released to address the critical-severity flaw, in contrast to its previous contention that the attacks resulted from unpatched known vulnerabilities. First seen on crn.com Jump to article: www.crn.com/news/security/2025/oracle-now-says-critical-zero-day-flaw-behind-data-extortion-attacks-releases-patch
-
Oracle patches critical E-Business Suite flaw exploited by Cl0p hackers
Oracle fixed a critical flaw (CVE-2025-61882, CVSS 9.8) in E-Business Suite that is actively exploited by Cl0p cybercrime group. Oracle released an emergency patch to address a critical vulnerability, tracked as CVE-2025-61882 (CVSS 9.8) in its E-Business Suite. >>Updated [10/04/2025]: Oracle has issued Oracle Security Alert Advisory CVE-2025-61882 to provide updates against additional potential exploitation that were discovered during our investigation.
-
Critical Zero-Day in Oracle E-Business Suite Prompts Urgent Security Updates
Oracle has issued a security alert warning users of a zero-day vulnerability in its widely used Oracle E-Business Suite. Tracked as CVE-2025-61882, this flaw allows unauthenticated, remote attackers to execute arbitrary code on affected systems. The vulnerability carries a CVSS v3.1 base score of 9.8, making it one of the most critical threats to the…
-
Critical Zero-Day in Oracle E-Business Suite Prompts Urgent Security Updates
Oracle has issued a security alert warning users of a zero-day vulnerability in its widely used Oracle E-Business Suite. Tracked as CVE-2025-61882, this flaw allows unauthenticated, remote attackers to execute arbitrary code on affected systems. The vulnerability carries a CVSS v3.1 base score of 9.8, making it one of the most critical threats to the…
-
Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882)
The Cl0p extortion gang exploited multiple Oracle E-Business Suite (EBS) vulnerabilities, including one zero-day flaw (CVE-2025-61882), >>to steal large amounts of data … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/06/cl0p-oracle-data-theft-extortion-cve-2025-61882/
-
Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882)
The Cl0p extortion gang exploited multiple Oracle E-Business Suite (EBS) vulnerabilities, including one zero-day flaw (CVE-2025-61882), >>to steal large amounts of data … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/06/cl0p-oracle-data-theft-extortion-cve-2025-61882/
-
âš¡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field.This recap cuts through the noise to share what really matters”, key trends, warning signs, and stories shaping today’s security landscape. Whether you’re defending systems or just keeping up, these…
-
âš¡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field.This recap cuts through the noise to share what really matters”, key trends, warning signs, and stories shaping today’s security landscape. Whether you’re defending systems or just keeping up, these…
-
Clop crew hits Oracle E-Business Suite users with fresh zero-day
Big Red rushes out patch for 9.8-rated flaw after crooks exploit it for data theft and extortion First seen on theregister.com Jump to article: www.theregister.com/2025/10/06/clop_oracle_ebs_zeroday/