Several organizations have been targeted by a zero-day exploit in Oracle's E-Business Suite (EBS) software, leading to data theft and extortion. The attack, associated with the Cl0p ransomware crew, involved multiple vulnerabilities and sophisticated malware payloads. #CVE-2025-61882 #Cl0p #OracleEBS #ZeroDayExploit
Keypoints
- The zero-day vulnerability CVE-2025-61882 was exploited to breach Oracle EBS systems and exfiltrate data.
- Multiple sophisticated malware components, including GOLDVEIN and GOLDTOMB, were used in the attack chain.
- The attackers launched a large-scale email campaign targeting company executives via compromised third-party accounts.
- Extortion emails claimed Oracle data had been stolen and demanded ransom payments.
- The attack shows similarities to past Cl0p and FIN11 campaigns, including the use of reconnaissance commands and malware overlaps.
Read More: https://thehackernews.com/2025/10/cl0p-linked-hackers-breach-dozens-of.html