Clop hits Oracle E-Business Suite users with fresh zero-day

"Mandiant confirmed to The Register that Clop has exploited multiple vulnerabilities in Oracle's EBS, including this new zero-day. In a post on LinkedIn, Mandiant CTO Charles Carmakal elaborated, warning of "mass exploitation" by Clop. "Clop exploited multiple vulnerabilities in Oracle EBS which enabled them to steal large amounts of data from several victims in August 2025," he wrote. "CVE-2025-61882 is a critical (9.8 CVSS) vulnerability that enables unauthenticated remote code execution. Given the broad mass 0-day exploitation that has already occurred... organizations should examine whether they were already compromised.""
"Oracle is also sounding the alarm bells, warning in its advisory that the vulnerability "may be exploited over a network without the need for a username and password." Indicators of compromise shared by the company also suggest that Scattered Lapsus$ Hunters, a group thought to be a rebrand of the chaotic Lapsus$ collective, may have had access to the same exploit. The crew resurfaced last week with a new leak site boasting fresh data dumps, raising the possibility of overlapping operations or shared tooling between La"
Oracle released an emergency patch for a zero-day in E-Business Suite, CVE-2025-61882, which permits unauthenticated remote code execution and holds a CVSS score of 9.8. Criminal group Clop exploited the flaw in data theft and extortion campaigns, combining it with previously abused, unpatched EBS vulnerabilities. Mandiant confirmed mass exploitation and reported large-scale data theft in August 2025, urging organizations to check whether they were already compromised. Oracle warned the vulnerability may be exploited over a network without credentials and shared indicators of compromise. Those indicators suggest Scattered Lapsus$ Hunters may also have had access to the same exploit; the group resurfaced last week with a new leak site.
Read at Theregister