Oracle has confirmed that some of its customers have received extortion emails, and the software giant’s investigation indicates that the attackers may have exploited known vulnerabilities.
Google Threat Intelligence Group (GTIG) and Mandiant revealed this week that executives at many organizations using Oracle’s E-Business Suite (EBS) enterprise resource planning product have received emails claiming the theft of sensitive information.
GTIG and Mandiant researchers have yet to confirm the hackers’ claims, but pointed out that the extortion emails claim to come from members of the notorious Cl0p cybercrime group, and the messages were sent from compromised accounts previously linked to another cybercrime gang tracked as FIN11.
Contacted by SecurityWeek, Oracle representatives pointed to a blog post published on Thursday by Rob Duhart, the software giant’s chief security officer.
Duhart said the company is aware that some E-Business Suite customers have received extortion emails.
“Our ongoing investigation has discovered the potential use of previously identified vulnerabilities that are addressed in the July 2025 Critical Patch Update,” Duhart explained, without naming the potentially exploited flaws.
Oracle fixed roughly 200 vulnerabilities with its July 2025 CPU. Nine patches were released for E-Business Suite, including three for flaws that can be exploited remotely without authentication. These three vulnerabilities, all rated ‘medium severity’, are tracked as CVE-2025-30746, CVE-2025-30745 and CVE-2025-50107. Oracle’s advisory indicates that user interaction is required for their exploitation.
Three vulnerabilities fixed in July in E-Business Suite have been assigned a ‘high severity’ rating: CVE-2025-30743, CVE-2025-30744, and CVE-2025-50105. While they do not allow remote exploitation without authentication, their exploitation does not require user interaction.
If the involvement of Cl0p and/or FIN11 is confirmed, it should not come as a surprise. Both groups, which are linked, are known to launch campaigns that involve the exploitation of vulnerabilities in software that is used by many organizations to handle sensitive data.
Cl0p was behind campaigns targeting Cleo, MOVEit, and Fortra file transfer products. The FIN11 group was behind a campaign that targeted an Accellion file transfer service. All of these campaigns involved the exploitation of zero-day flaws.
Earlier this year, Oracle confirmed that hackers managed to steal data from a legacy cloud environment.