
"UPDATE: On the emerging CL0P extortion campaign targeting Oracle E-Business Suite (EBS) customers, we can now confirm the actor likely exploited a zero-day vulnerability (CVE-2025-61882) to steal data. Here are the critical updates: ➡️ Confirmed Data Exfiltration: We've confirmed the actor successfully exfiltrated large volumes of data from victim environments in August 2025. During negotiations, CL0P actors have provided legitimate file listings to victims as proof of theft. In some cases, there is evidence of terabytes of data being stolen."
"⚠️ ACTION REQUIRED: Given that this zero-day was exploited before a patch was available, applying the patch now is not enough. Organizations must investigate their environments for evidence of historical compromise. Search email content for addresses and to identify if your organization is being extorted by CL0P."
CL0P actors successfully exfiltrated large volumes of data from Oracle E-Business Suite environments in August 2025, with evidence in some cases of terabytes stolen. The actors likely exploited multiple vulnerabilities, including CVE-2025-61882, a critical unauthenticated remote code execution flaw (CVSS 9.8). Oracle has released a security alert and patches for the vulnerability. Because exploitation occurred before patches were available, organizations must investigate historical compromise and search email content for addresses to determine whether extortion by CL0P is occurring.
Read at DataBreaches.Net