Oracle investigates extortion emails sent to its E-Business Suite customers, potentially linked to known vulnerabilities and cybercrime groups Cl0p and FIN11. While the hackers' claims of sensitive data theft are unconfirmed, the incident highlights the ongoing exploitation of Oracle vulnerabilities by cybercriminals. #Cl0p #FIN11 #OracleVulnerabilities
Keypoints
- Oracle confirmed that some customers received extortion emails claiming data theft.
- The investigation suggests attackers exploited vulnerabilities addressed in the July 2025 Critical Patch Update.
- Three medium severity vulnerabilities (CVE-2025-30746, CVE-2025-30745, CVE-2025-50107) could be remotely exploited with user interaction.
- High severity vulnerabilities (CVE-2025-30743, CVE-2025-30744, CVE-2025-50105) can be exploited without remote access but require no user interaction.
- Cybercrime groups Cl0p and FIN11, linked to many software exploitation campaigns, may be involved in the ongoing attack activities.