"The security advisory said the bug, tracked officially as CVE-2025-61882, can be "exploited over a network without the need for a username and password." The advisory provided several so-called indicators of compromise to help Oracle customers identify evidence of hackers on their systems, suggesting that hackers are currently exploiting the vulnerability to steal customers' sensitive data. Oracle says thousands of organizations around the world use its E-Business Suite to run their companies, including storing their customer data and their employee's human resources files."
"Duhart's updated post is an about-face from earlier this week, when a previous version of his post said Oracle was aware that some executives "have received extortion emails" linked to previously identified vulnerabilities patched in July, suggesting the extortion campaign was over. The newly identified zero-day bug suggests the hackers continued to exploit flaws in Oracle's E-Business software that were unknown to Oracle at the time."
Oracle released a patch for a zero-day vulnerability in Oracle E-Business Suite and urged customers to install the update immediately. The bug, tracked as CVE-2025-61882, can be exploited over a network without a username and password. Oracle provided indicators of compromise and warned that attackers are exploiting the flaw to steal sensitive data. Thousands of organizations use E-Business Suite to store customer records and employee human-resources files. The zero-day indicates exploitation occurred before Oracle had time to patch. Security researchers linked extortion emails sent to executives to the Clop group, which has pursued ransomware and extortion campaigns.
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]