Bleeping Computer

Oracle links Clop extortion attacks to July 2025 vulnerabilities

Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July 2025. While the company has yet to attribute the ...
CRN

Oracle Now Says ‘Critical’ Zero-Day Flaw Behind Data Extortion Attacks, Releases Patch

The disclosure follows reports that the cybercriminal group Clop has been extorting a significant number of E-Business Suite customers. Oracle is now linking a widespread data extortion campaign ...
Bleeping Computer

Oracle warns of Agile PLM file disclosure flaw exploited in attacks

Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files.
Dark Reading

Clop Ransomware Hits Oracle Customers Via Zero-Day Flaw

A prolific ransomware gang is targeting Oracle customers affected by a recent zero-day vulnerability. That zero-day is CVE-2025-61882, a critical flaw in Oracle E-Business Suite that enables an ...
CRN

CISA: Oracle E-Business Suite Vulnerability Exploited In Ransomware Attacks

Oracle had initially disclosed the vulnerability earlier this month, though without providing any details about exploitation. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ...
Dark Reading

Flawed Vendor Guidance Exposes Enterprises to Avoidable Risk

The fallout from Oracle's latest zero-day (CVE-2025-61882) continues to spread, with Harvard University recently disclosing it suffered a data leak stemming from an attack targeting the flaw. The ...