Oracle Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack

Oracle Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack

Posted on By CWS

The infamous Clop ransomware gang has listed Oracle on its darkish internet leak website, alleging a profitable breach of the tech big’s inside programs.

This growth is a part of a large extortion marketing campaign exploiting a crucial zero-day vulnerability in Oracle E-Enterprise Suite (EBS), designated as CVE-2025-61882.

The group, tracked as Sleek Spider, claims to have exfiltrated delicate information from Oracle and dozens of its high-profile prospects, marking a big escalation in provide chain assaults harking back to the MOVEit incident.​

The Zero-Day Exploit: CVE-2025-61882

The assault vector facilities on a crucial, unauthenticated distant code execution (RCE) vulnerability in Oracle E-Enterprise Suite.

Safety researchers point out that Clop associates started exploiting this flaw as early as August 2025, months earlier than Oracle launched a patch in October 2025.

The exploit chain particularly targets the OA_HTML/SyncServlet endpoint to bypass authentication, adopted by malicious XSLT template injection through OA_HTML/RF.jsp to execute arbitrary instructions.

This “pre-auth” nature allowed attackers to compromise servers with out legitimate credentials, granting them full management over delicate ERP information.​

Vulnerability DetailTechnical SpecificationCVE IDCVE-2025-61882Affected ProductOracle E-Enterprise Suite (Variations 12.2.3 – 12.2.14)Vulnerability TypeUnauthenticated Distant Code Execution (RCE)CVSS Score9.8 (Important)Exploit VectorAuthentication Bypass through SyncServlet & XSLT InjectionPatch StatusPatched (October 2025 Safety Alert)

Extortion Marketing campaign and Excessive-Profile Victims

Proof from Clop’s leak website shows a “PAGE CREATED” standing for ORACLE.COM, showing alongside main entities comparable to MAZDA.COM, HUMANA.COM, and the Washington Put up.

The itemizing of Oracle Company itself suggests the seller might have fallen sufferer to its personal software program flaw, doubtlessly exposing inside company information.

Victims report receiving extortion emails from addresses like assist@pubstorm[.]com, threatening the discharge of economic and private data if ransom calls for usually are not met.​

Comply with us on Google Information, LinkedIn, and X for each day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

Threat Actors Abuse Velociraptor Incident Response Tool to Gain Remote Access Threat Actors Abuse Velociraptor Incident Response Tool to Gain Remote Access Cyber Security News
12-Year-Old Sudo Linux Vulnerability Enables Privilege Escalation to Root User 12-Year-Old Sudo Linux Vulnerability Enables Privilege Escalation to Root User Cyber Security News
Hackers Weaponizing Telegram Messenger with Dangerous Android Malware to Gain Full System Control Hackers Weaponizing Telegram Messenger with Dangerous Android Malware to Gain Full System Control Cyber Security News
Microsoft to Cancel Plans Imposing Daily Limit For Exchange Online Bulk E-mails Microsoft to Cancel Plans Imposing Daily Limit For Exchange Online Bulk E-mails Cyber Security News
U.S. Treasury Warns of Crypto ATMs Fueling Criminal Activity U.S. Treasury Warns of Crypto ATMs Fueling Criminal Activity Cyber Security News
TA584 Actors Leveraging ClickFix Social Engineering to Deliver Tsundere Bot Malware TA584 Actors Leveraging ClickFix Social Engineering to Deliver Tsundere Bot Malware Cyber Security News