And over the weekend, exploit code for the recently patched flaw was made public, making it even easier for other attackers to make use of it. "It's likely that almost no one patched over the weekend," noted Jake Knott, principal security researcher at watchTowr. "So we're waking up to a critical vulnerability with public exploit code and unpatched systems everywhere. Based on the evidence, we believe this is Cl0p activity, and we fully expect to see mass, indiscriminate exploitation from multiple groups within days."
The security advisory said the bug, tracked officially as CVE-2025-61882, can be "exploited over a network without the need for a username and password." The advisory provided several so-called indicators of compromise to help Oracle customers identify evidence of hackers on their systems, suggesting that hackers are currently exploiting the vulnerability to steal customers' sensitive data. Oracle says thousands of organizations around the world use its E-Business Suite to run their companies, including storing their customer data and their employees' human resources files.
Oracle has finally broken its silence on those Clop-linked extortion emails, but only to tell customers what they already should have known: patch your damn systems. The database giant posted an impressively short blog post overnight, confirming that some E-Business Suite (EBS) users have been targeted by cybercriminals claiming to have siphoned off sensitive data, adding that the crooks appear to be exploiting holes Oracle already plugged in July.