Bleeping Computer

Oracle patches EBS zero-day exploited in Clop data theft attacks

Update 10/6/25 11:15 AM ET: Updated story with more information on the leaked Oracle source code and the leaking of the exploit. Oracle is warning about a critical E-Business Suite zero-day ...
SecurityWeek

CISA Confirms Exploitation of Latest Oracle EBS Vulnerability

CISA has confirmed that an Oracle E-Business Suite (EBS) vulnerability CVE-2025-61884 has been exploited in the wild.
Bleeping Computer

Oracle releases emergency patch for new E-Business Suite flaw

Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited remotely by unauthenticated attackers. Tracked as ...
Infosecurity-magazine.com

NCSC: Patch Critical Oracle EBS Bug Now

Oracle E-Business Suite (EBS) customers have been urged to patch a critical vulnerability in the product, after reports that the notorious Clop ransomware group has exploited the bug in attacks as a ...
CSOonline

Oracle issues emergency patch for zero-day flaw exploited by Cl0p ransomware gang

It’s the bad news that many customers of Oracle E-Business Suite (EBS) have been dreading: reports of ransomware attacks targeting the software have turned out to be connected to a serious zero-day ...
Infosecurity-magazine.com

Google: Clop Accessed “Significant Amount” of Data in Oracle EBS Exploit

The Clop ransomware group likely began targeting Oracle E-Business Suite (EBS) instances as early as August 9, successfully exfiltrating a “significant amount” of data new insights from Google Threat ...
CSOonline

Oracle issues second emergency patch for E-Business Suite in two weeks

Information disclosure flaw, CVE-2025-61884, emerges weeks after zero-day attacks, raising questions about broader security issues in Oracle’s flagship ERP platform. Oracle has issued its second ...
TechRadar

Oracle forced to rush out patch for zero-day exploited in attacks

Oracle patched a critical zero-day RCE flaw in E-Business Suite, actively exploited by ransomware actors Attackers used compromised email accounts to extort victims; FIN11 and Cl0p may be involved CVE ...
TechCrunch

Clop hackers caught exploiting Oracle zero-day bug to steal executives’ personal data

Oracle has fixed a zero-day vulnerability in one of its flagship business software products that a hacking group is currently abusing to steal personal information about corporate executives. In a ...
TechCrunch

‘Dozens’ of organizations had data stolen in Oracle-linked hacks

Security researchers at Google say hackers targeting corporate executives with extortion emails have stolen data from “dozens of organizations,” one of the first signs that the hacking campaign may be ...
heise online

E-Business Suite: Oracle secures software again out-of-band

Ransomware extortion attempts targeting users of Oracle's E-Business Suite were recently made public. The attackers' entry point: the critically rated zero-day security vulnerability CVE-2025-61882 ...