American Airlines subsidiary Envoy confirms Oracle data theft attack

Envoy Air experienced a data breach involving its Oracle E-Business Suite, attributed to the Clop extortion gang exploiting a zero-day vulnerability. The incident highlights the ongoing threat posed by Clop’s zero-day exploits and data theft campaigns targeting enterprise systems. #Clop #OracleZeroDay

Key points

  • Envoy Air’s Oracle E-Business Suite was compromised, leading to a limited data leak.
  • The Clop gang exploited a zero-day vulnerability, CVE-2025-61882, in their attack.
  • Multiple organizations, including Harvard University, were affected by Clop’s recent data theft campaigns.
  • Oracle patched the zero-day vulnerability silently after it was exploited in July 2025.
  • Clop has a history of exploiting zero-days in different file transfer platforms to steal data.

Read More: https://www.bleepingcomputer.com/news/security/american-airlines-subsidiary-envoy-confirms-oracle-data-theft-attack/