"Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle's E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG) and Mandiant said in a new report released Thursday. "We're still assessing the scope of this incident, but we believe it affected dozens of organizations," John Hultquist, chief analyst of GTIG at Google Cloud, said in a statement shared with The Hacker News. "Some historic Cl0p data extortion campaigns have had hundreds of victims. Unfortunately, large-scale zero-day campaigns like this are becoming a regular feature of cybercrime.""
"The activity, which bears some hallmarks associated with the Cl0p ransomware crew, is assessed to have fashioned together multiple distinct vulnerabilities, including a zero-day flaw tracked as CVE-2025-61882 (CVSS score: 9.8), to breach target networks and exfiltrate sensitive data. Google said it found evidence of additional suspicious activity dating back to July 10, 2025, although how successful these efforts were remains unknown. Oracle has since issued patches to address the shortcoming."
Zero-day exploitation of Oracle E-Business Suite began on August 9, 2025, and likely impacted dozens of organizations. Attackers chained multiple distinct vulnerabilities including CVE-2025-61882 (CVSS 9.8) to breach networks and exfiltrate sensitive data. Evidence of suspicious activity dates back to July 10, 2025. Oracle has released patches to mitigate the flaw. The activity bears hallmarks associated with the Cl0p ransomware crew, which has previously leveraged mass zero-day exploitation across multiple file transfer products. A high-volume email campaign starting September 29, 2025, used compromised third-party accounts purchased on underground forums.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]