Oracle Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack

Oracle Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack

Posted on By CWS

The infamous Clop ransomware gang has listed Oracle on its darkish internet leak website, alleging a profitable breach of the tech big’s inside programs.

This growth is a part of a large extortion marketing campaign exploiting a crucial zero-day vulnerability in Oracle E-Enterprise Suite (EBS), designated as CVE-2025-61882.

The group, tracked as Sleek Spider, claims to have exfiltrated delicate information from Oracle and dozens of its high-profile prospects, marking a big escalation in provide chain assaults harking back to the MOVEit incident.​

The Zero-Day Exploit: CVE-2025-61882

The assault vector facilities on a crucial, unauthenticated distant code execution (RCE) vulnerability in Oracle E-Enterprise Suite.

Safety researchers point out that Clop associates started exploiting this flaw as early as August 2025, months earlier than Oracle launched a patch in October 2025.

The exploit chain particularly targets the OA_HTML/SyncServlet endpoint to bypass authentication, adopted by malicious XSLT template injection through OA_HTML/RF.jsp to execute arbitrary instructions.

This “pre-auth” nature allowed attackers to compromise servers with out legitimate credentials, granting them full management over delicate ERP information.​

Vulnerability DetailTechnical SpecificationCVE IDCVE-2025-61882Affected ProductOracle E-Enterprise Suite (Variations 12.2.3 – 12.2.14)Vulnerability TypeUnauthenticated Distant Code Execution (RCE)CVSS Score9.8 (Important)Exploit VectorAuthentication Bypass through SyncServlet & XSLT InjectionPatch StatusPatched (October 2025 Safety Alert)

Extortion Marketing campaign and Excessive-Profile Victims

Proof from Clop’s leak website shows a “PAGE CREATED” standing for ORACLE.COM, showing alongside main entities comparable to MAZDA.COM, HUMANA.COM, and the Washington Put up.

The itemizing of Oracle Company itself suggests the seller might have fallen sufferer to its personal software program flaw, doubtlessly exposing inside company information.

Victims report receiving extortion emails from addresses like assist@pubstorm[.]com, threatening the discharge of economic and private data if ransom calls for usually are not met.​

Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

Google Announces Android Theft Protection Feature to Make Your Device Harder Target for Hackers Google Announces Android Theft Protection Feature to Make Your Device Harder Target for Hackers Cyber Security News
BPFDoor and Symbiote Rootkits Attacking Linux Systems Exploiting eBPF Filters BPFDoor and Symbiote Rootkits Attacking Linux Systems Exploiting eBPF Filters Cyber Security News
India Mandates ‘Undeletable’ Government Cybersecurity App for All Smartphones India Mandates ‘Undeletable’ Government Cybersecurity App for All Smartphones Cyber Security News
Threat Actors Actively Hacking Websites to Inject Malicious Links and Boost their SEO Threat Actors Actively Hacking Websites to Inject Malicious Links and Boost their SEO Cyber Security News
Global Outage Disrupts Microsoft Exchange Online Access Global Outage Disrupts Microsoft Exchange Online Access Cyber Security News
FortiOS Flaw Allows Bypass of LDAP Authentication FortiOS Flaw Allows Bypass of LDAP Authentication Cyber Security News