Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching
Briefly

"More information has come to light on the recently patched Oracle E-Business Suite (EBS) zero-day, with evidence indicating that threat actors knew about the vulnerability for at least two months before it was patched. Google Threat Intelligence Group (GTIG) and Mandiant first warned about attacks aimed at Oracle E-Business Suite on October 2, after executives at many organizations received extortion emails from the Cl0p cybercrime group."
"It has since been confirmed that Cl0p was behind the attacks, and that the cybercriminals likely managed to steal large amounts of data from the EBS instances of targeted organizations since August. Oracle initially said the attacks appeared to involve exploitation of unspecified vulnerabilities patched in July, but the software giant confirmed on October 4 that a zero-day flaw had also been exploited."
Threat actors exploited an Oracle E-Business Suite zero-day, CVE-2025-61882, a critical (CVSS 9.8) flaw in the BI Publisher Integration component of Oracle Concurrent Processing that allows unauthenticated remote code execution over HTTP against EBS 12.2.3 through 12.2.14. Evidence indicates exploitation began on August 9 and continued through at least October, enabling large-scale data theft and extortion attributed to the Cl0p cybercrime gang. CrowdStrike links the activity with moderate confidence to Graceful Spider, its name for the Russia-linked group behind Cl0p operations, and notes that more than one group may have exploited the flaw; a proof-of-concept exploit was later leaked publicly by actors associated with ShinyHunters and Scattered Spider. Oracle's July Critical Patch Update fixed separate, unspecified EBS vulnerabilities that were also abused in this campaign, so an instance patched in July is not protected against CVE-2025-61882; Oracle's fix for the zero-day additionally requires the October 2023 Critical Patch Update to be in place first. Affected organizations received extortion emails and had data exposed from targeted EBS instances. Because exploitation predates the patch by roughly two months, an internet-reachable EBS instance should be treated as potentially compromised since August rather than merely unpatched, and checked for signs of intrusion alongside patching.
Read at SecurityWeek